Here are some links from SOE explaining the issues: SOE Customer Service Security Update
And Press Release
* SOE servers were hacked. Hackers gained everyone's personal info, including name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. (A hashed password may or may not be secure, depending on how much other information the hackers have and how skilled they are. Theoretically, it should be secure but we don't know the extent of their access.)
* Credit card and bank info is supposedly safe, except for some non-US customers. SOE will be informing them if it is suspected their information is compromised.
* SOE is working to discover what happened and to secure their networks going forward.
* SOE recommends everyone be alert for suspicious email, phone and other contacts. Watching your credit reports and banking and credit cards is recommended and they offer some ways to do so.
* No information is available as to when EverQuest will be back up. It is likely that SOE has no idea. There isn't much doubt that they are working around the clock to try to identify and fix this, but it is very complex and difficult. They do not want to bring the game and their web sites back up until they are sure it is safe. It could be as long as weeks, judging by the PlayStation Network, which has been down since April 20, 2011.
* Subscribers of SOE games, including EverQuest, will get 30 days added to their subscriptions for free. In addition, they will be "compensated" one day for each day they are down. It is likely that the compensation is additional days added to their accounts, rather then a cash refund.
More will be reported here as we learn more.
UPDATE: According to the Associated Press, the SOE servers were hacked on April 16 and 17. Sony has obviously done some major investigation into all their systems after the PlayStation Network hack was discovered and just recently figured out that SOE was also compromised.
"We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible," Sony said in a message to customers.
UPDATE: According to joystiq.com:
SOE has provided us with the following statement, in which it confirms that its user data was stolen as part of the original [PlayStation Network] intrusion -- not a second attack. "While the two systems are distinct and operated separately, given that they are both under the SONY umbrella, there is some degree of architecture that overlaps. The intrusions were similar in nature. This is NOT a second attack; new information has been discovered as part of our ongoing investigation of the external intrusion in April.".