Sony websites hacked once again, 1 million accounts stolen

3 June 2011

Late on Thursday (2 June 2011) the LulzSec hacking group claimed to have executed their ‘Sownage’ plot, successfully compromising a number of Sony websites, including two Sony websites in the Netherlands and Belgium, and the massive SonyPictures.com domain.

In the build up to this attack, LulzSec was brazenly taunting Sony over their lack of security, Tweeting: “Hey @Sony, you know we’re making off with a bunch of your internal stuff right now and you haven’t even noticed? Slow and steady, guys.”

LulzSec has now issued a statement claiming: “We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.”

By way of evidence, LulzSec has uploaded the various databases on file distribution networks, and linked to them on their website.

“Our goal here is not to come across as master hackers,” explains LulzSec – “hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

“What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”

“This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can,” states LulzSec.

Sony’s embarrassment and flawed security

The attack on Sonypictures.com and two Sony websites in the Netherlands and Belgium represents a new embarrassment for the Japanese electronics giant, which is still struggling to cope with a massive breach of its online entertainment networks in April 2011.

Sony is only just starting to bring those services back online, with the PlayStation store grumbling into life within the last couple of days (http://mygaming.co.za/news/ps3/12081-PlayStation-Store-back.html). It seems that Sony simply cannot keep up with the rampant hacking offensive against it, and the various hacking communities appear to have sensed blood in the water on this one. Hopefully the PSN has been patched up and is secure – only time will tell.

Sony probing hacker’s claims

Sony Pictures says it is investigating the statement from LulzSec hackers claiming to have stolen more than 1 million pieces of user information.  Sony Pictures said it is aware of the LulzSec statement and looking into it.

LulzSec also recently claimed responsibility for hacking the website of PBS network to post a fake story in protest of a recent “Frontline” investigative news program on WikiLeaks. A snapshot of the hacked PBS website can be seen here.

What do you make of the latest claims of hacking attacks against Sony? << Let us know on the MyGaming forum

Source : Sapa-dpa/Sapa-AP; LulzSecurity

You have read 1 out of 5 free articles. Log in or register for unlimited access.

Read now

The best gaming website in South Africa
MyGaming proudly displays the “FAIR” stamp of the Press Council of South Africa, indicating our commitment to adhere to the Code of Ethics for Print and online media which prescribes that our reportage is truthful, accurate and fair. Should you wish to lodge a complaint about our news coverage, please lodge a complaint on the Press Council’s website, www.presscouncil.org.za or email the complaint to [email protected] Contact the Press Council on 011 4843612.