How about we just say this is neither Sony's nor the OP's fault; the OP fell victim to some shitty hacker out on the web.
Sony had nothing to do with the hack, as it seems the OP's information was obtained through other means, which the hacker/phisher then used to gain access to his account. Should Sony implement two-factor verification? It wouldn't hurt (probably should). Will it be the end-all of these kinds of hacks? No. Maybe I might sound more like an "apologist", but this "Sony's security is shit" is pretty damn hyperbolic. Sony didn't just download some AVG and Malwarebytes off the internet. I highly doubt anyone on GAF could do any damage to Sony's security; then again, the PSN wasn't breached in this event.
I think people should focus more on the aspect of Sony implementing 2-step verification and their procedures for handling a person who has been legitimately wronged by an event of hacking/phishing, 'cause from anecdotal threads on GAF their customer service/certain policies seem kinda "shitty".
Hope everything works out for you OP, keep us posted.