Sony’s entertainment distribution arm, Sony Pictures, has now been added to the list of website hacked, providing the attackers with the private details of more than a million people in their latest security breach. Names, birth dates, addresses, emails, phone numbers and passwords of people who had entered Sony promotions were published on the internet. The LulzSec group said it had once again penetrated the firm’s systems to prove how vulnerable they were to “simple attacks”. This is apparently the same group that previously launched attacks on PBS television and Fox.com.
In a Twitter message , the group said: “1,000,000+ unencrypted users, unencrypted admin accounts, government and military passwords saved in plaintext. #PSN compromised. @Sony.”
A statement posted on the pastebin.com website explained:
“Greetings folks. We’re LulzSec, and welcome to Sownage. Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money. We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.”
The group said they had been unable to copy all the information due to a lack of resources but pasted samples online, adding: “Our goal here is not to come across as master hackers… Why do you put such faith in a company that allows itself to become open to these simple attacks?” The group claims that Sony’s security systems were “disgraceful and insecure: they were asking for it”.
LulzSec’s actions come at a painful time for Sony. Executives are currently attempting to reassure authorities and customers of their efforts to safeguard the company’s networks. Personally, I’m losing count of the Sony breaches that have gone on far too long. I would think that someone there might have noticed a pattern by now, and should be doing some very serious penetration testing and system audits. But, what do I know…