This article was published on June 2, 2011

Hackers claim compromise of 1 million Sony Pictures users’ information.


Hackers claim compromise of 1 million Sony Pictures users’ information.

The troubles just don’t stop for Sony. Now hacking group LulzSec is claiming to have stolen the user account information of over 1 million users and released samples of it in a torrent file. You can read the hacking group’s announcement here.

LulzSec is calling the hacking ‘Sownage’ and is saying that the torrent file, which we will not directly link here, includes collections of data stolen from internal Sony networks and websites that they accessed ‘easily’.

We recently broke into SonyPictures.com and compromised over 1,000,000 users’
personal information, including passwords, email addresses, home addresses,
dates of birth, and all Sony opt-in data associated with their accounts.
Among other things, we also compromised all admin details of Sony Pictures
(including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.

LulzSec claims that they used a ‘very simple’ method to hack the Sony Pictures site, one that did not require any special skills to perform.

Our goal here is not to come across as master hackers, hence what we’re about
to reveal: SonyPictures.com was owned by a very simple SQL injection, one of
the most primitive and common vulnerabilities, as we should all know by now.
From a single injection, we accessed EVERYTHING. Why do you put such faith in
a company that allows itself to become open to these simple attacks?

the hacking group goes on to say that Sony ‘deserved’ it, as it claims that the company was storing over 1,000,000 user account passwords in plaintext, with no encryption.

Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just
a matter of taking it. This is disgraceful and insecure: they were asking for it.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

LulzSec says that the accounts include databases in Belgium and the Netherlands, as well as Sony staffers. As of now there is little in the way of verification that LulzSec is telling the truth, but if so, this would be another in a long line of data security troubles that have afflicted the electronics giant.

Sony’s PlayStation network was hacked in April by an as-yet undisclosed hacking group. Since then the company has been beset by exploits and phishing attacks that have thrown into doubt Sony’s ability to protect its users data.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with