According to Kevin Stevens, an online security expert with TrendMicro, "low-level cybercriminals" are currently shopping around lists supposedly containing the credit card details of 2.2 million PlayStation Network members.
While Sony says it has "no evidence credit card numbers were stolen" in the attacks on the PlayStation Network, it has still recommended people make necessary precautions regarding their cards and bank accounts.
Stevens says the details are up for sale on the illegal forums of "carders" (people engaged in credit card fraud), and while he does not link these forums directly, says the sellers are claiming to be in possession of card holder's names, addresses, phone numbers, email addresses, dates of birth and, perhaps most importantly, full credit card details, including their CVV2 numbers (those little numbers on the back of the card).
Now, these sellers could be full of shit. I could put a listing on craigslist right now selling the moon for $US50 and there's nothing stopping me. Given the severity of the situation and the nature of the claims, though, let's hope "full of shit" is all these people are.