IF you're one of the 77 million people signed up to the PlayStation Network, criminals could already know your name, your address and perhaps even your credit card number.
That's what electronics giant Sony is telling users of its online gaming service today.
The PlayStation Network, or PSN, has been offline since last week. In recent days Sony said the outage was the result of an "external intrusion".
Now the company has revealed just how much trouble it’s in.
Overnight Sony began sending an alert to "all of our registered account holders" telling them that their personal information had been stolen.
"We believe that an unauthorised person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID," the alert said.
"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility.
"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
The company said the PSN was still offline and it had hired a security firm to "conduct a full and complete investigation into what happened".
In the meantime, it has asked PSN users to be "vigilant" about the possibility of identity theft and to review their credit card statements.
Sony warned customers not to fall for any scam messages including those that appeared to be from the company itself.
"Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking," it said.
You can read the full security alert
here.