Another of Sony’s websites has reportedly been hacked—this time around, the victim is SonyPictures.com. The group claiming responsibility for the breach, “LulzSec,” is the same group behind the recent PBS website hack.
A statement from the group reads, in part:
“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
The group grabbed more than just passwords, too, according to another part of the statement:
“We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes and 3.5 million ‘music coupons’.”
At the moment, the SonyPictures.com website appears to be running normally, but that’s not to say that the aforementioned hack didn’t happen as everything that reportedly went on would happen behind the scenes. Boing Boing is reporting that the user info and millions of music coupons have already been made available on The Pirate Bay.
Sony has yet to comment on the matter.
(via Boing Boing)