The Black Pope
|Subject: Sony Network Attacked Again Sun 29 May 2011, 8:56 pm|| |
Sony network attacked again, hackers claim
A hacker group has claimed it has attacked the Sony network and
stolen more than one million passwords, e-mail addresses and other
Lulz Security said it had broken into servers that run SonyPictures.com.
The Japanese electronics giant said it was aware of Lulz Security's statement and was investigating the claims.
Sony had to apologise in April after its PlayStation Network was
attacked and hackers stole data from more than 77 million accounts.
That attack was considered the biggest in internet history and led to
Sony shutting down the PlayStation Network and other services for almost
The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit.
Since then, Sony's networks have become targets for hackers and the
company has confirmed at least four other break-ins prior to the claimed
attack on Sony Pictures.
Lulz Security claims to be behind one of those attacks, an assault on Sony Music Japan.
The latest alleged attack will come as a blow to the Japanese firm, 24
hours after it announced the PlayStation Network would be fully restored
in the US and Europe, and said it had beefed up its security systems.
'Asking for it'
In a statement on Thursday, Lulz Security said it had hacked into a
database that included unencrypted passwords as well as names, addresses
and dates of birth of Sony customers.
"From a single injection, we accessed EVERYTHING," it said. "Why do you
put such faith in a company that allows itself to become open to these
"What's worse is that every bit of data we took wasn't encrypted. Sony
stored over 1,000,000 passwords of its customers in plain text, which
means it's just a matter of taking it.
"This is disgraceful and insecure: they were asking for it."
The group also recently claimed responsibility for hacking the website
of the PBS network and posting a fake story in protest at a news
programme about WikiLeaks.
From their site
Greetings folks. We're LulzSec, and welcome to Sownage. Enclosed you will
find various collections of data stolen from internal Sony networks and websites,
all of which we accessed easily and without the need for outside support or money.
We recently broke into SonyPictures.com and compromised over 1,000,000 users'
personal information, including passwords, email addresses, home addresses,
dates of birth, and all Sony opt-in data associated with their accounts.
Among other things, we also compromised all admin details of Sony Pictures
(including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".
Due to a lack of resource on our part (The Lulz Boat needs additional funding!)
we were unable to fully copy all of this information, however we have samples
for you in our files to prove its authenticity. In theory we could have taken
every last bit of information, but it would have taken several more weeks.
Our goal here is not to come across as master hackers, hence what we're about
to reveal: SonyPictures.com was owned by a very simple SQL injection, one of
the most primitive and common vulnerabilities, as we should all know by now.
From a single injection, we accessed EVERYTHING. Why do you put such faith in
a company that allows itself to become open to these simple attacks?
What's worse is that every bit of data we took wasn't encrypted. Sony stored
over 1,000,000 passwords of its customers in plaintext, which means it's just
a matter of taking it. This is disgraceful and insecure: they were asking for it.
This is an embarrassment to Sony; the SQLi link is provided in our file contents,
and we invite anyone with the balls to check for themselves that what we say
is true. You may even want to plunder those 3.5 million coupons while you can.
Included in our collection are databases from Sony BMG Belgium & Netherlands.
These also contain varied assortments of Sony user and staffer information.