So it wasn't really a "hack", but it WAS a "hole"... only if you reset the pass through the website instead of from the ps3 directly apparently. But still, I missed the logic train in using personal data which is known to be exposed as criteria for proving your identity. That just seems like a no-brainer to me. I still think this is the fault of trying to mine and store so much information (particularly when it isn't even warranted for those specific purposes.) Sony is a complete cluster **** lately. What happened over there?
Technically, you don't need to break or force anything to be considered a hack.
You are "hacking" as soon as you exploit or abuse the system for anything beyond your written rights and privileges.
No matter what, the hacker is exposed to serious legal retributions from the system owner. If a crime was committed, the hacker will also have the law on his back.
If the system owner was negligent at protecting personally identifiable information (PII) or financial data such as credit card information. Then he is also exposed to some major problems such as user class actions and even Federal/States lawsuits.
On the long run, this is going to be an interresting Sony story.
But they have so much money... They can afford to be dumb.