Story image

Sony hacked again; more user details compromised

03 Jun 11

A hacker group calling itself Lulzsec claimed it has (update: claimed it has) successfully breached Sony security once again, compromising hundreds of thousands of users' information on the sonypictures.com website.

No one really knows much about Lulzsec—so far there's no evidence of a link with internet loose-cannons Anonymous—but the group has claimed responsibility for the recent hack of the PBS website in retaliation for a programme which it said reflected unfairly on Wikileaks (hilarious screenshot here), and for the previous attack on Sony's PlayStation Network which has resulted in a month-plus long outage.

According to Lulzsec, today's hacking compromised "over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.

"Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 music codes and 3.5 million music coupons."

The group has posted the data in a torrent file on The Pirate Bay or in handy text files on their own website, which has been intermittently down throughout the day.

The full statement from the group reads:

"Greetings folks. We're LulzSec, and welcome to Sownage. Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money.

"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

"Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.

"This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can.

"Included in our collection are databases from Sony BMG Belgium & Netherlands. These also contain varied assortments of Sony user and staffer information.

"Follow our sexy asses on twitter to hear about our upcoming website. Ciao! ^_^"

New app conducts background checks on potential tenants
Landlords and house owners need to obtain a tenant’s full name, date of birth, email address, and mobile number in order to conduct the search. And most importantly, they have to get the tenant’s permission first.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Meet Rentbot, the chatbot that can help with tenancy law
If you find yourself in a tricky situation  - or if you just want to understand your rights as a landlord or tenant, you can now turn to a chatbot for help.
PlayerUnknown’s Battlegrounds (PUBG) finally releases on PS4
PUBG on PS4 feels like it’s still in Early Access as the graphics look horribly outdated and the game runs poorly too. 
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.