I don't believe I'm writing about this again, but it appears Sony has been hacked, again. Just after they were getting full restoration of their PSN network up, LulzSec has hit Sony again with an SQL injection tactic which gave them access to Sony Pictures account database. This hack let LulzSec obtain 1 million user accounts (inclusive of passwords, email and home addresses as well as DOB), all admin account details and passwords, 75,000 music codes and 3.5 million music coupons.
On top of this, opt-in data was accessible which gives even more information about Sony's customers and their preferences. One of the shocking things to come from this hack is that Sony stored all 1 million user passwords in a simple plain text file, with no encryption at all. LulzSec have said "It's just a matter of taking it, this is disgraceful and insecure: they were asking for it."
LulzSec expressed themselves further:
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?
- >> NEXT STORY: Thecus TopTower prototype NAS gets Sandy Bridge and USB 3.0
- << PREVIOUS STORY: Thursday Morning Roundup for June 2, 2011