Shocker: Sony hacked again, over a million accounts compromised

Matthew DeCarlo


It's time for another installment in the never-ending saga of Sony's security blunders. Hackers have reportedly infiltrated the company's movie site, accessing the sensitive information of more than a million accounts. The group, known as LulzSec, claims to have breached SonyPictures.com and swiped users' passwords, email and home addresses, dates of birth, along with any information submitted as part of Sony's data opt-ins.

Detailing the attack on PasteBin, LulzSec said it penetrated the company's infrastructure with a rudimentary SQL injection. Described as "one of the most primitive and common vulnerabilities," the group said it accessed everything with a single injection. In a truly embarrassing discovery, LulzSec reports that none of the user information was encrypted. In other words, Sony stored more than a million user passwords in plaintext.

"Why do you put such faith in a company that allows itself to become open to these simple attacks?" the group said. "This is disgraceful and insecure: they were asking for it." LulzSec has published the stolen data on The Pirate Bay. Besides tons of sensitive user information, the group included some 20,000 Sony music coupons, 67,000 "music codes," as well as the layout of Sony's database in case you want to pillage it yourself.

This breach follows a string of recent misfortunes. Sony was forced to disable its PSN and Qriocity services for more than a month after a massive security breach that affected tens of millions of users. That fiasco is projected to cost the company some $171 million and contributes to a massive $3.1 billion loss for its fiscal year 2010. Sony has faced several other attacks in recent months, which are becoming too numerous to list.
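
The two failures reported above, a query open to SQL injection and passwords kept in plaintext, shown beside their standard fixes. This is an added example, not code from the original article or from Sony's systems; the table layout, function names, sample users and probe string are all constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch; tune to your hardware

def make_db():
    db = sqlite3.connect(":memory:")
    # No plaintext password column: only a per-user salt and a derived hash.
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def register(db, email, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, derive(password, salt)))

def verify(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], derive(password, row[0]))

def lookup_concatenated(db, email):
    # Vulnerable pattern: user input is spliced into the SQL text, so a quote
    # character in the input changes the structure of the statement.
    return db.execute("SELECT email FROM users WHERE email = '" + email + "'").fetchall()

def lookup_parameterized(db, email):
    # Hardened pattern: the driver binds the value; it is never parsed as SQL.
    return db.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()

def demo():
    db = make_db()
    register(db, "alice@example.com", "correct horse")   # constructed sample users
    register(db, "bob@example.com", "battery staple")
    probe = "' OR '1'='1"                                 # constructed injection-shaped input
    stored = db.execute("SELECT salt, pw_hash FROM users").fetchall()
    return {
        "concatenated_rows": len(lookup_concatenated(db, probe)),
        "parameterized_rows": len(lookup_parameterized(db, probe)),
        "plaintext_in_db": any(b"correct horse" in col for row in stored for col in row),
        "good_login": verify(db, "alice@example.com", "correct horse"),
        "bad_login": verify(db, "alice@example.com", "wrong guess"),
    }

if __name__ == "__main__":
    print(demo())
```

The concatenated lookup returns every row for the probe string while the bound-parameter lookup returns none, and a dump of the table yields salts and derived hashes rather than passwords.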


 
I can only laugh at this. The first thing Sony needs to do is fire the entire IT department, and hire one with a clue about security. SQL injections? Monkeys can do those. The company is TOAST.
 
LOL, there is probably one division that hasn't been hacked yet, and its VP is getting real nervous.

"Chairman Stringer, should we beef up cyber security?"
"Nah."
"Are you sure, every single division except ours has been hacked, I'm 99% sure we're next."
"Are you 100% sure?"
"Well, of course not, nothing is 100% certain in life."
"Well then if you're not 100% sure, then we'll just keep things as they are and see what happens..."
 
I'm really tired of all these hacker a-holes attacking companies cause they got screwed somehow by them. That's a part of life, deal with it and learn from it. Then they say, "oh they taking in all this money and screwing the customer charging so much", it's a f*cking business that's what they do take in money. If you don't like em don't buy from them it's that simple.
 
While I certainly do not condone the actions of this hacker group, regardless of what point they are trying to make, it really makes you wonder what's going on with Sony. After the first incident, they should have looked for any security holes in their system. I don't know anything about hacking or security myself, but from what I am reading, this vulnerability really is as bad as the group claims it is.

At least maybe they'll do more than try and jury rig their network with duct tape and bubblegum.
 
who are these hackers doing it for?

they always claim it's the companies they're against, yet it's innocent people's information they're taking and publishing for all to see.

it makes no sense.
 
Guest said:
who are these hackers doing it for?

they always claim it's the companies they're against, yet it's innocent people's information they're taking and publishing for all to see.

it makes no sense.

Because those ****-heads at Sony will just deny it unless there is proof. That's why users' information ends up on torrent sites.

Sony has been shafting people for too long, they had this coming. The best part is they got hacked just recently and STILL didn't do a thing, the company stinks and deserves this.

The next step is that they need to be sued by those users whose info was released in a nice class action lawsuit for gross incompetence in regards to security and safekeeping of said data. Sony loves to sue everyone else for everything it's about time they reap what they sow!!
 
Guest said:
While I certainly do not condone the actions of this hacker group, regardless of what point they are trying to make, it really makes you wonder what's going on with Sony. After the first incident, they should have looked for any security holes in their system. I don't know anything about hacking or security myself, but from what I am reading, this vulnerability really is as bad as the group claims it is.

At least maybe they'll do more than try and jury rig their network with duct tape and bubblegum.

Considering that they didn't seem to do all that much after the first big hit, I doubt it. They may exercise some better security measures in the short-term, but once all this blows over, they'll probably go right back to letting user data become easy-pickings.

And that's why I feel that it's the end-user who ultimately loses. The large companies have tonnes of money, and it's probably cheaper to offer people a free game or two than it is to spend money constantly updating security. Meanwhile, Joe Six pack will continue to lose his personal details to hackers and undesirables who claim to be doing him a service, yet value their own privacy and security above his.

The pro-active thing would be to spread awareness to common people. In a way, it has worked, but whatever 'good' message has since been overshadowed by the bad stuff. So companies like Sony will actually get public sympathy, and use it to push for even more repressive copyright, and internet laws. We will all lose.
 
arod916 said:
That's a part of life, deal with it and learn from it.

Shouldn't this apply to said companies?

Someone or some group went through the trouble of destroying your name and credibility; I think it's high time you realized you were doing it wrong all along.
 
Sony will never just be the "bigger man" and enable Other OS. They prefer to lose money. This will be an eventful year.
 
arod916 said:
I'm really tired of all these hacker a-holes attacking companies cause they got screwed somehow by them. That's a part of life, deal with it and learn from it. Then they say, "oh they taking in all this money and screwing the customer charging so much", it's a f*cking business that's what they do take in money. If you don't like em don't buy from them it's that simple.

I must disagree with your statement. This is not only justified but needed, I'm not against Sony or anything like that but as a user I feel this empowers us, meaning more secure companies and more secure data. Up until now who could say this has not happened before maybe at smaller scales and people were profiting out of this and we could have never ever guessed about it.

This could bring more laws to protect our data and information and I'm all for it.

Maybe this was not the way, making every bit of information public to everyone is not good for anyone but again, how do you know no one has ever done this before?
 
kibaruk said:
arod916 said:
I'm really tired of all these hacker a-holes attacking companies cause they got screwed somehow by them. That's a part of life, deal with it and learn from it. Then they say, "oh they taking in all this money and screwing the customer charging so much", it's a f*cking business that's what they do take in money. If you don't like em don't buy from them it's that simple.

I must disagree with your statement. This is not only justified but needed, I'm not against Sony or anything like that but as a user I feel this empowers us, meaning more secure companies and more secure data. Up until now who could say this has not happened before maybe at smaller scales and people were profiting out of this and we could have never ever guessed about it.

This could bring more laws to protect our data and information and I'm all for it.

Maybe this was not the way, making every bit of information public to everyone is not good for anyone but again, how do you know no one has ever done this before?

Valid point, but shouldn't we be making a bigger deal about the criminals doing the hacking? Yes security is ideal in this world but it's not like Sony just left everybody's account info readily available to anyone on their homepage. Point is hackers cracked into the minimal security yet nobody seems to blame them. So you're saying it's ok for your neighborhood thug to break into your home because instead of having an alarm system, all you had was a simple key lock?
 
Not that I condone the activities we've been witnessing, but your logic is somewhat flawed arod. Millions of customers entrust their personal data to Sony, whereas that's not true for the victim in your analogy. If my neighbor housed the account credentials, credit card numbers, full names, contact details and whereabouts of millions of people, yeah, I'd definitely expect them to observe the necessary precautions to ensure some "thug" couldn't access it.
 
DokkRokken said:
And once again, the end-user will be the one to suffer.

And if this keeps up, the millions of dollars lost will lead to more job layoffs.

What a bunch of tards.
 
arod916 said:
So you're saying it's ok for your neighborhood thug to break into your home because instead of having an alarm system, all you had was a simple key lock?

Except it's not a house, it's a store. And the store keeps your credit card number in their files.

So no, it's not right, but necessary.
 
I can only imagine how sad/frustrated are those SONY employees but I'm not saying I feel sorry for them, like a wise acted guy once said "a great power comes with a great responsibility" and understanding that is not rocket science not even close to network science, so even SONY employees should understand it.

@arod916 It is nothing but normal to hate someone that hurt us and yet it's even more natural to hate someone to sympathy those who had been hurt, besides I want SONY dead so the PS3 dies :)
 
Seriously? A SQL injection?

So, for years no one hacked Sony because they were scared of Sony's security. Now that everyone knows Sony uses a retired mall cop to keep out hackers (not metaphorically either) they are being publicly hacked and somehow the end-users are paying for it.
 
Cota said:
besides I want SONY dead so the PS3 dies :)

Dude, that's horrible man.

Sony will never just be the "bigger man" and enable Other OS. They prefer to lose money. This will be an eventful year.

Pretty sure it has nothing to do with that anymore, bub.
 
Shouldn't companies who hold consumer data be regulated or something? Surely they should be fined for negligence.
Sony is a joke.
 
Glad to see Sony hacked again. These vulnerabilities should be exposed and I don't even care that my data was in there.
 
wow an SQL injection... this was one of the basic things I learned to protect against in my programming class....

Uber Der... on Sony's part AGAIN!
 