The "hack" proved that databases with huge amounts of sensitive data (not just users, passwords, and personal private information by the way) were easily accessible via an SQL injection attack. In theory, they could have downloaded the lot, but it would have taken a huge amount of time and resources to do so using remote SQL injection. Their objectives were not criminal use of the data, but to embarrass Sony, and probably massage their own egos. They did not need everything to do that. Be thankful that this group launched the attack, and hope they did so before a criminal enterprise grabbed all the data. The damage from exposing this small sample, especially with the content available to assist in mitigation, will probably be pretty limited. That would not be true if the mafia silently acquired the data, and used it before the data breach came to light.