Sony has been hacked again, with attackers claiming to have broken into its systems with "disgraceful" ease and accessed a million accounts.
The attack comes just weeks after Sony was hammered by a series of hacking attacks that saw more than 100m accounts compromised, and saw the Sony PlayStation Network knocked off line for a month.
Now a hacker group going by the name of LulzSec claims to have broken into the network of Sony Pictures.
“We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” the group said in a statement.
What's worse is that every bit of data we took wasn't encrypted
“Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons'.”
The hackers claimed that they had browsed a million accounts, and downloaded samples, which they made available online.
Although the initial file has since been disabled, the Associated Press reported that it had accessed the data and phoned an 84-year-old woman in Minnesota, who confirmed that the details, including her passwords, were genuine.
Easy attack
Sony has said it is looking into the breach, which will bring further red faces for security chiefs, while the manner and embarrassing ease of the attacks will worry customers.
“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities,” the group said in a statement. “From a single injection, we accessed everything.”
According to the hackers, the security lapse was exacerbated by the fact that the data, which included European data as well as US, wasn't encrypted.
“What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
0 comments:
Post a Comment