On June 9, Chester Wisniewski wrote (but I missed):
The same Lebanese hacker who targeted Sony Europe on Friday has now dumped a database from Sony Portugal.
The hacker claims to be a grey hat, not a black hat, according to his post to pastebin.com.
“I am not a black hat to dump all the database I am Grey hat”
Instead of dumping the entire database like many previous Sony attackers, idahc only dumped the email addresses from one table in Sony’s database.
He claims to have discovered three different flaws on SonyMusic.pt, including SQL injection, XSS (cross-site scripting) and iFrame injection.
Read more on Naked Security.