Sony hacked again, million passwords compromised
Sony Corporation, still reeling from a hacking attempt last April, has another of its websites attacked this Thursday. The group of hackers compromised SonyPictures.com and accessed the personal information of more than 1 million Sony customers.
The group, which calls itself LulzSec, is the same group that claimed responsibility for the recent PBS website hack. According to the group:
"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes and 3.5 million 'music coupons'."
The group posted the personal information it accessed on the Web- including the email addresses and passwords of Sony customers. It didn't post all the information because of lack of funding. The group claims that Sony didn't encrypt any of their data. Part of their statement reads:
"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."
According to a report from Time the user information and millions of music coupons have been available to download on The Pirate Bay.
Sony has been under attack from hackers since it discovered in April that 100 million user accounts were stolen from the PlayStation Network. The network and other services were closed for a month and had only recently gone live again. Since this original attack, four other break-ins happened before the latest attack this Thursday. LulzSec has claimed responsibility for one of these attacks on Sony Music Japan.
SonyPictures.com hasn't been shut down and there hasn't been an official statement from Sony officials.