Yesterday a group of hackers proclaimed that they had broken into various Sony’s websites announcing that they had once again compromised personal information of yet more customers of Sony Entertainment.
The group who had also posted false news on PBS.com calls themselves “Lulzsec”. Lulzec is the same group who had been promising to attacks on Sony this past weekend, in a plan they dubbed “the beginning of the end”. Now not only was the groups boasting not enough, whenever challenged to show proof of the attack, they posted samples of information on the social site Twitter. The information included things from – Sony Music Netherlands, Sony Pictures, and Sony Music Belgium.
A Quote from the Pastebin website-
“We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons'." –Lulzsec
The group went on to say that they lacked resources to copy all the information that was obtained from the attack on Sony, however they have said that more could have been taken but it would have taken several more weeks.
"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it," reads the post. "This is disgraceful and insecure: they were asking for it." –Lulzsec
Lulsec claims that the group gained access to Sony Pictures with a single SQL injection.
Perhaps at this time it would be appropriate for the industry standard to change to a higher requirement of security. It has also been suggested that users who use the same information for other sites (such as email addresses and passwords) could have accounts such as those on facebook compromised.
-TwisTtheTwiTcH