And just when you thought it was safe to go back online on Sony, and their online services such as the PlayStation Network, a group called LulzSec today has managed to hack SonyPictures.com, resulting in over 1 million accounts being compromised.
Greetings folks. We’re LulzSec
We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information.
As was revealed in PlayStation Network breach last month, SonyPictures.com hack exposed the fact that Sony once again was caught storing sensitive information, such as user account passwords, in plain text format without any encryption of sorts.
What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.
Hacker group LulzSec claimed to have got full access to database via a very simple SQL injection, which included information such as: passwords, email addresses, date of birth and full home addresses of over 1 million user accounts registered on the Sony Pictures website. Apart from that, some 3.5 million music coupons and around 75,000 music codes are also said to have been taken over.
The pain for Sony doesn’t end here. Unlike last month’s PlayStation Network breach, LulzSec team has posted user data publicly online which includes over 39,000 email addresses and password combinations, home addresses, date of birth, admin details of Sony Pictures (including passwords) and other information.
It all began back in April when PlayStation Network site was hacked multiple times, before Sony decided to take it completely offline. Other Sony online properties such as Sony Music Japan and Sony Ericsson Canada has also been broken into, with user details being completely compromised.
It’s been reported that the Japanese-based company has lost around $173 million repairing the damages and refunding users for PlayStation Network breach alone.