More troubles for Sony and its customers, as a hacker group called LulzSec publicly announced that it has hacked servers at Sony Pictures and Sony BMG. More than 1 million user accounts including email addresses and passwords were stolen.
As Wired reports, the hacker group, LulzSec announced that it hacked servers at Sony Pictures and Sony BMG. The hackers posted messages to Twitter about its “Sownage” campaign and posted links to download what the group claimed was a giant cache of Sony user data.
The giant cache of data included names, passwords, e-mail addresses, home addresses, and dates of birth for thousands of people. The hackers apparently exploited a vulnerability on a Sony page advertising the company’s Ghostbusters franchise to obtain the sensitive information.
The group also posted the website’s address in the data cache and encouraged other hackers to “tear the living shit out of it while you can; take from them everything!” Sony eventually took down the website.
Apparently, Sony customers use the same password on the Sony account for their Gmail and Facebook accounts. This allowed the hackers to gain access to the Gmail and Facebook accounts.
LulzSec issued a “pretentious press statement” stating that “SonyPictures.com was owned by a very simple SQL injection” which basically exploits a web applications vulnerability. The statement also said that Sony was “asking for it” by storing more than 1 million user passwords in plain text, instead of encrypting them. “It’s just a matter of taking it. This is disgraceful and insecure.” The hackers also compromised “all admin details of Sony Pictures” including passwords and 75,000 music codes and 3.5 million music coupons.
Sony has been in the spotlight lately as the company’s PlayStation Network and its Store services were compromised. Perhaps this attack had something to do with Sony’s war against hackers?
Sony has yet to release a formal statement and has yet to confirm or deny the hack. You can follow all of Sony’s troubles here.