Just when we thought Sony was finally secure, a group that calls itself "Lulz Security" broke into three well-known Sony websites: Sony Pictures, Sony Music Belgium and Sony Music Netherlands. 1,000,000 user profiles were compromised, with sensitive information, including passwords and home addresses, finding its way onto Internet file sharing services.
The hacking group left the following message on its Twitter account:
We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’.
According to the hackers, the attack was possible thanks to a simple SQL injection, similar to other attacks in the past. After all, it was Lulz Security that performed a similar attack on Sony Music last month.
Interestingly enough, the passwords have been leaked in plain text, completely unencrypted, which once again raises questions about how careful Sony has been about security lately. The leak also includes sales reports, gift card codes and coupons. Sony, once again, has released a statement apologizing:
“We have confirmed that a breach has occurred and have taken action to protect against further intrusion,” Michael Lynton, chairman of Sony Pictures Entertainment, said in a statement. “We also retained a respected team of experts to conduct the forensic analysis of the attack.”
If you read Redmond Pie regularly, you should be aware this isn’t the first, or second, time that Sony was hacked. Over the last month, some of the company’s online properties were attacked, including Sony Music and Sony Ericsson’s Canadian online store, both leading to user information being compromised. If that wasn’t enough, PlayStation Network was down for one full month due to a break-in in April that led to credit card information and user addresses being leaked. The service was finally brought back on Thursday in most countries.
If you want to find out whether your data has been accessed, our friends at Gizmodo have developed an exclusive browser-based tool that scans the leaked database. Just by typing in your e-mail address, this tool will tell you whether your data has been compromised or not. It’s important to stress that this tool might not work as expected in Internet Explorer. Make sure you check out the tool here.
If you suspect your data has been compromised, change your password and secret questions immediately.