LulzSec, the hacking group that recently made the news for hacking into PBS, claimed today that it has broken into several Sony Pictures websites and accessed unencrypted personal information on over 1 million people. The group has publicly posted a full list of compromised sites, along with links to documents containing samples of what it claimed was material stolen from Sony.
LulzSec released this statement earlier today:
We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".
Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?
What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.
This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can.
This intrusion at Sony Pictures is just the latest in a seemingly endless series of intrusions at Sony, which began with massive breaches in April that compromised account information on 77 million users of Sony’s PlayStation Network and another 25 million at Sony Online Entertainment.
Hopefully Sony will move to step up security around all of the company's online properties to prevent any more hemorrhaging!!
Related Articles:
- CNet - Sony confirms Lulzsec compromised server data
- InformationWeek - Sony Hacked Again, 1 Million Passwords Exposed