Sony suffer new hacking problem

[Dark Drakan]

This time not involving their PS3. According to reports this morning a hacker working on behalf of LulzSec who were responsible for the hacking and defacing of PBS.org's homepage has hacked into Sony Pictures customers accounts. They claim to have exposed 1 million peoples accounts with 75,000 music codes and 3.5 million coupons associated with Sony Pictures customers being affected too.​

LulzSec said they simply didnt have the manpower to collect as much of the data as they could have dont but they collected databases containing thousands of usernames. They arent believed to have taken them for profit but are merely poking fun at Sony's security. Something which has been heavily criticised as of late with PSN on their PS3 being hacked. They also claim that all the data taken was unencrypted and includes passwords, email addresses, dates of birth amongst other registration information. ​

Heres the quote from the hackers themselves:​

Greetings folks. We're LulzSec, and welcome to Sownage. Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money. We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses,dates of birth, and all Sony opt-in data associated with their accounts.

Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons". Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.

Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in
a company that allows itself to become open to these simple attacks?

What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it. This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say

is true. You may even want to plunder those 3.5 million coupons while you can. Included in our collection are databases from Sony BMG Belgium & Netherlands. These also contain varied assortments of Sony user and staffer information.

 

[Skotekal]

...Really? No, really? That's just ridiculous.

 

[Arseface]

Sony's ****, innit.

 

[Dentie]

I got a playstation but I don't care my password is different from all my other passwords, I don't use the e-mail I use for PSN, all my personal information isn't right and I got the 2 free games

 

[Dentie]

Damn I just checked out the site and they really have hard passwords. All the passwords are the same as their usernames:S