Sony Attacked Again, 1 Million Users Compromised At SonyPictures.com
Sony reportedly suffered yet another hack attack on Thursday. This time, a group of hackers claims to have accessed the SonyPictures.com servers and compromised personal data belonging to one million customers.
Hacker group LulzSecurity, fresh off its retaliatory attack on a PBS website over a Wikileaks documentary, claimed responsibility for the Sony hack. In a release posted on the group’s website, the hackers claimed they obtained “personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.” The group also claimed that the hack “compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons.’”
Shockingly, Lulzsec alleged that Sony left this information unencrypted and exposed to relatively elementary attacks:
“Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?
“What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
While working to recover from the massive PlayStation Network hack that affected millions of customers around the world in April, Sony faced harsh criticism for the network’s vulnerabilities and eventually promised that PSN security had been dramatically increased. If Lulzsec’s accusations about Sony Pictures are true, Sony may have to rethink security measures for all its online properties.
Sony officials could not immediately be reached for comment.
Credit: HuffingtonPost.com, Reuters.com