Hacker group steals details of a million Sony users

“Every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext…”

Amplify’d from www.newscientist.com

Sony has suffered another massive data breach, with a hacker group known as Lulz Security, or LulzSec, claiming to have stolen details about one million users from SonyPictures.com.

In a statement, LulzSec say they are not attempting to come across as “master hackers”, but instead wish to highlight Sony’s lax security. They say:

“Every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it.”

The group says the data stolen includes users’ passwords, email addresses, home addresses and dates of birth, and has placed samples online for others to verify their claim.

LulzSec say they accessed SonyPictures.com with an SQL injection, an attack in which input submitted to a vulnerable website is passed to its database and run as unauthorised commands. The group calls this “one of the most primitive and common vulnerabilities”, and asks: “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

Sony says it is aware of LulzSec’s statement and is investigating the issue. “We are looking into these claims,” Jim Kennedy, executive vice president of global communications for Sony Pictures Entertainment, told the Associated Press.

AP also called a number listed by LulzSec and verified that it belonged to a woman in Minnesota, who confirmed the rest of her details.

This latest attack comes as Sony recovers from a previous hacking incident, with its PlayStation Network only just fully restored after a month-long outage.

It is also the latest in a string of security breaches carried out by LulzSec, who last weekend hacked into and defaced the website of PBS, the US public broadcasting organisation, and previously stole data from the Fox broadcasting company.

Meanwhile, infamous hacktivist group Anonymous today said it has stolen 10,000 emails from Iran’s Ministry of Foreign Affairs as part of its latest endeavour, OpIran.

Anonymous carried out its attacks as a response to Iranian crackdowns on anti-government protests, with one member telling The Epoch Times they aimed to damage the image of Iran “both in cyber space and the real world.” The emails were taken from the Iranian Passport and Visa Office, and appear to be mostly visa applications.

New Scientist


About stephenbishop
