CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 2nd, 2011

Sony Attacked Again, 1 Million Users Compromised At SonyPictures.com

Sony reportedly suffered yet another hack attack on Thursday. This time, a group of hackers claims to have accessed the SonyPictures.com servers and compromised personal data belonging to one million customers.

Hacker group LulzSecurity, fresh off its retaliatory attack on a PBS website over a Wikileaks documentary, claimed responsibility for the Sony hack. In a release posted on the group’s website, the hackers claimed they obtained “personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.” The group also claimed that the hack “compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons.’”

Shockingly, Lulzsec alleged that Sony left this information unencrypted and exposed to relatively elementary attacks:

Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.

While working to recover from the massive PlayStation Network hack that affected millions of customers around the world in April, Sony faced harsh criticism for the network’s vulnerabilities and eventually promised that PSN security had been dramatically increased. If Lulzsec’s accusations about Sony Pictures are true, Sony may have to rethink security measures for all its online properties.

Sony officials could not immediately be reached for comment.

Credit: HuffingtonPost.com, Reuters.com

Share this item with others:

More on CyberInsecure:
  • Sega Confirms Customer Service System Breach, 1.3 Million Records Stolen
  • Sony Second Data Breach Expose Over 24 Million Personal And Financial Records
  • PlayStation Network Investigates Intrusion, Down For Over 3 Days
  • Sony PlayStation Network Breached, 77 Million Users Private Data Stolen
  • Gamers Accounts Hacked In Sony Playstation Store

    • Posted in Breaches And Incidents, Cybercrime, Data Theft, Hacked, Privacy, Trojans & Worms | Print This Post Print This Post

    This entry was posted on Thursday, June 2nd, 2011 at 3:20 pm and is filed under Breaches And Incidents, Cybercrime, Data Theft, Hacked, Privacy, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Sony Attacked Again, 1 Million Users Compromised At SonyPictures.com

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »