Sony is facing another security nightmare, with a hacker group, Lulz Security, now claiming that it has hacked the Japanese electronics giant’s Web site, compromising the details of more than 1-million customers, admin log-ins and data files.
Lulz Security posted an announcement on its site – which has since been taken down – claiming to have stolen various collections of data from various internal Sony networks and Web sites – “all of which we accessed easily and without the need for outside support or money”, it says.
“We recently broke into SonyPictures.com and compromised over 1-million users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” the group claims. “Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75 000 ‘music codes’ and 3,5-million ‘music coupons’.”
Lulz says it downloaded only a part of the information it could have.
“Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now,” the group states.
“From a single injection, we accessed everything. Why do you put such faith in a company that allows itself to become open to these simple attacks?
“What's worse is that every bit of data we took wasn't encrypted,” it adds. “Sony stored over 1-million passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
Sony has only just restored its PlayStation networks after a massive attack in April possibly compromised 75-million users.