Just when Sony thought things were finally getting back to normal comes the news that SonyPictures.com has been hacked, and up to one million passwords may have been stolen.
Hacking group LulzSec, who recently made headlines by hacking the website of PBS (in protest of their story on Wikileaks), has claimed responsibility. Posting on pastebin, LulzSec states that they were able to access the account details of more than one million SonyPictures.com users, along with 75,000 "music codes" and 3.5 million "music coupons". It appears only a small sample of data was taken, as the group says they lacked the resources to download everything, which would have taken weeks. The sample has been uploaded to the Internet by the group.
The information that the group accessed includes personal details, home addresses, email addresses, dates of birth and other opt-in data.
And it appears Sony has not learned its lesson from the PSN hacking fiasco, having apparently not performed a security audit of all of its web assets. LulzSec claims that their hack was one of the simplest imaginable, a SQL injection of a kind that can only happen due to poor programming on Sony's part. And worse yet, all of the passwords appear to have been stored in the database as plain text, with no encryption or hashing - a big security no-no.
From the statement posted by LulzSec, it appears the security hole may still be open, and the group has dared others to follow in their footsteps to retrieve more information, having provided instructions to do so.
Sony has yet to issue a statement at the time of writing.