Sony was hit by hackers again last night, with its pictures website taken down and around one million passwords stolen, which were apparently stored in clear text. The Belgian and Dutch websites of Sony BMG were included in the hack.
According to a statement by ‘Lulzsec’, it recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth and all Sony opt-in data associated with their accounts.
It also claimed to have compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’. It said: “Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.
“From a single injection, we accessed everything. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
Lulzsec also revealed that ‘every bit of data we took wasn’t encrypted’, as Sony stored over 1,000,000 passwords of its customers in plain text.
“This is disgraceful and insecure: they were asking for it. This is an embarrassment to Sony; the SQLi link is provided in our file contents and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can,” Lulzsec said.
Sony Pictures has not commented on the attack yet, but did say on its Twitter feed that it was ‘looking into the claims about reports of attacks on Sony Pictures websites’.
Ross Brewer, vice president and managing director of international markets at LogRhythm, said: “What is interesting about this latest Sony attack is that it is the hacking group, rather than Sony itself, who has disclosed the breach. This raises the question: did SonyPictures.com even know that its network had been compromised?
“Perhaps it did know, but decided not to disclose it. Either way, it will be a major worry to consumers who have entrusted the company with their personal information.”












