Shocker: Sony hacked again, over a million accounts compromised

By on June 2, 2011, 5:57 PM

It's time for another installment in the never-ending saga of Sony's security blunders. Hackers have reportedly infiltrated the company's movie site, accessing the sensitive information of more than a million accounts. The group, known as LulzSec, claims to have breached SonyPictures.com and swiped users' passwords, email and home addresses, dates of birth, along with any information submitted as part of Sony's data opt-ins.

Detailing the attack on PasteBin, LulzSec said it penetrated the company's infrastructure with a rudimentary SQL injection. Describing SQL injection as "one of the most primitive and common vulnerabilities," the group said it accessed everything with a single injection. In a truly embarrassing discovery, LulzSec reports that none of the user information was encrypted. In other words, Sony stored more than a million user passwords in plaintext.

"Why do you put such faith in a company that allows itself to become open to these simple attacks?" the group said. "This is disgraceful and insecure: they were asking for it." LulzSec has published the stolen data on The Pirate Bay. Besides tons of sensitive user information, the group included some 20,000 Sony music coupons, 67,000 "music codes," as well as the layout of Sony's database in case you want to pillage it yourself.

This breach follows a string of recent misfortunes. Sony was forced to disable its PSN and Qriocity services for more than a month after a massive security breach that affected tens of millions of users. That fiasco is projected to cost the company some $171 million and contributes to a massive $3.1 billion loss for its fiscal year 2010. Sony has faced several other attacks in recent months, which are becoming too numerous to list.




User Comments: 61

DokkRokken said:

And once again, the end-user will be the one to suffer.

ramonsterns said:

DokkRokken said:

And once again, the end-user will be the one to suffer.

Oh well, maybe Sony can put that money to good use, rather than buy more Yachts or something.

Xclusiveitalian Xclusiveitalian said:

Sony has lost, enable Other OS and stop the madness!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

fyrfaktry fyrfaktry said:

I can only laugh at this. The first thing Sony needs to do is fire the entire IT department, and hire one with a clue about security. SQL injections? Monkeys can do those. The company is TOAST.

gwailo247, TechSpot Chancellor, said:

LOL, there is probably one division that hasn't been hacked yet, and its VP is getting real nervous.

"Chairman Stringer, should we beef up cyber security?"

"Nah."

"Are you sure, every single division except ours has been hacked, I'm 99% sure we're next."

"Are you 100% sure?"

"Well, of course not, nothing is 100% certain in life."

"Well then if you're not 100% sure, then we'll just keep things as they are and see what happens..."

arod916 said:

I'm really tired of all these hacker a-holes attacking companies cause they got screwed somehow by them. That's a part of life, deal with it and learn from it. Then they say, "oh they taking in all this money and screwing the customer charging so much", it's a f*cking business that's what they do take in money. If you don't like em don't buy from them it's that simple.

Guest said:

While I certainly do not condone the actions of this hacker group, regardless of what point they are trying to make, it really makes you wonder what's going on with Sony. After the first incident, they should have looked for any security holes in their system. I don't know anything about hacking or security myself, but from what I am reading, this vulnerability really is as bad as the group claims it is.

At least maybe they'll do more than try and jury rig their network with duct tape and bubblegum.

Guest said:

who are these hackers doing it for?

they always claim it's the companies they're against, yet it's innocent people's information they're taking and publishing for all to see.

it makes no sense.

lipe123 said:

Guest said:

who are these hackers doing it for?

they always claim it's the companies they're against, yet it's innocent people's information they're taking and publishing for all to see.

it makes no sense.

Because those ****-heads at Sony will just deny it unless there is proof. That's why users' information ends up on torrent sites.

Sony has been shafting people for too long, they had this coming. The best part is they got hacked just recently and STILL didn't do a thing, the company stinks and deserves this.

The next step is that they need to be sued by those users whose info was released in a nice class action lawsuit for gross incompetence in regards to security and safekeeping of said data. Sony loves to sue everyone else for everything it's about time they reap what they sow!!

DokkRokken said:

Guest said:

While I certainly do not condone the actions of this hacker group, regardless of what point they are trying to make, it really makes you wonder what's going on with Sony. After the first incident, they should have looked for any security holes in their system. I don't know anything about hacking or security myself, but from what I am reading, this vulnerability really is as bad as the group claims it is.

At least maybe they'll do more than try and jury rig their network with duct tape and bubblegum.

Considering that they didn't seem to do all that much after the first big hit, I doubt it. They may exercise some better security measures in the short-term, but once all this blows over, they'll probably go right back to letting user data become easy-pickings.

And that's why I feel that it's the end-user who ultimately loses. The large companies have tonnes of money, and it's probably cheaper to offer people a free game or two than it is to spend money constantly updating security. Meanwhile, Joe Six pack will continue to lose his personal details to hackers and undesirables who claim to be doing him a service, yet value their own privacy and security above his.

The pro-active thing would be to spread awareness to common people. In a way, it has worked, but whatever 'good' message has since been overshadowed by the bad stuff. So companies like Sony will actually get public sympathy, and use it to push for even more repressive copyright, and internet laws. We will all lose.

ramonsterns said:

arod916 said:

That's a part of life, deal with it and learn from it.

Shouldn't this apply to said companies?

Someone or some group went through the trouble of destroying your name and credibility; I think it's high time you realized you were doing it wrong all along.

Guest said:

Sony will never just be the "bigger man" and enable Other OS. They prefer to lose money. This will be an eventful year.

Kibaruk Kibaruk, TechSpot Paladin, said:

arod916 said:

I'm really tired of all these hacker a-holes attacking companies cause they got screwed somehow by them. That's a part of life, deal with it and learn from it. Then they say, "oh they taking in all this money and screwing the customer charging so much", it's a f*cking business that's what they do take in money. If you don't like em don't buy from them it's that simple.

I must disagree with your statement. This is not only justified but needed, I'm not against Sony or anything like that but as a user I feel this empowers us, meaning more secure companies and more secure data. Up until now who could say this has not happened before maybe at smaller scales and people were profiting out of this and we could have never ever guessed about it.

This could bring more laws to protect our data and information and I'm all for it.

Maybe this was not the way, making every bit of information public to everyone is not good for anyone but again, how do you know no one has ever done this before?

Kibaruk Kibaruk, TechSpot Paladin, said:

Oh! BTW the Shocker title made me giggle.

arod916 said:

kibaruk said:

arod916 said:

I'm really tired of all these hacker a-holes attacking companies cause they got screwed somehow by them. That's a part of life, deal with it and learn from it. Then they say, "oh they taking in all this money and screwing the customer charging so much", it's a f*cking business that's what they do take in money. If you don't like em don't buy from them it's that simple.

I must disagree with your statement. This is not only justified but needed, I'm not against Sony or anything like that but as a user I feel this empowers us, meaning more secure companies and more secure data. Up until now who could say this has not happened before maybe at smaller scales and people were profiting out of this and we could have never ever guessed about it.

This could bring more laws to protect our data and information and I'm all for it.

Maybe this was not the way, making every bit of information public to everyone is not good for anyone but again, how do you know no one has ever done this before?

Valid point, but shouldn't we be making a bigger deal about the criminals doing the hacking? Yes security is ideal in this world but it's not like Sony just left everybody's account info readily available to anyone on their homepage. Point is hackers cracked into the minimal security yet nobody seems to blame them. So you're saying it's ok for your neighborhood thug to break into your home because instead of having an alarm system, all you had was a simple key lock?

Matthew Matthew, TechSpot Staff, said:

Not that I condone the activities we've been witnessing, but your logic is somewhat flawed arod. Millions of customers entrust their personal data to Sony, whereas that's not true for the victim in your analogy. If my neighbor housed the account credentials, credit card numbers, full names, contact details and whereabouts of millions of people, yeah, I'd definitely expect them to observe the necessary precautions to ensure some "thug" couldn't access it.

Sarcasm Sarcasm said:

DokkRokken said:

And once again, the end-user will be the one to suffer.

And if this keeps up, the millions of dollars lost will lead to more job layoffs.

What a bunch of tards.

ramonsterns said:

arod916 said:

So you're saying it's ok for your neighborhood thug to break into your home because instead of having an alarm system, all you had was a simple key lock?

Except it's not a house, it's a store. And the store keeps your credit card number in their files.

So no, it's not right, but necessary.

Cota Cota said:

I can only imagine how sad/frustrated are those SONY employees but I'm not saying I feel sorry for them, like a wise acted guy once said "a great power comes with a great responsibility" and understanding that is not rocket science not even close to network science, so even SONY employees should understand it.

@arod916 It is nothing but normal to hate someone that hurt us and yet it's even more natural to hate someone to sympathy those who had been hurt, besides I want SONY dead so the PS3 dies

NeoFryBoy said:

Seriously? A SQL injection?

So, for years no one hacked Sony because they were scared of Sony's security. Now that everyone knows Sony uses a retired mall cop to keep out hackers (not metaphorically either) they are being publicly hacked and somehow the end-users are paying for it.

Guest said:

besides I want SONY dead so the PS3 dies :)

Dude, that's horrible man.

Sony will never just be the "bigger man" and enable Other OS. They prefer to lose money. This will be an eventful year.

Pretty sure it has nothing to do with that anymore, bub.

TekGun TekGun said:

Shouldn't companies who hold consumer data be regulated or something? Surely they should be fined for negligence.

Sony is a joke.

Trillionsin Trillionsin said:

Glad to see Sony hacked again. These vulnerabilities should be exposed and I don't even care that my data was in there.

stewi0001 stewi0001 said:

wow an SQL injection... this was one of the basic things I learned to protect against in my programming class....

Uber Der... on Sony's part AGAIN!

Kibaruk Kibaruk, TechSpot Paladin, said:

arod916 said:

kibaruk said:

arod916 said:

I'm really tired of all these hacker a-holes attacking companies cause they got screwed somehow by them. That's a part of life, deal with it and learn from it. Then they say, "oh they taking in all this money and screwing the customer charging so much", it's a f*cking business that's what they do take in money. If you don't like em don't buy from them it's that simple.

I must disagree with your statement. This is not only justified but needed, I'm not against Sony or anything like that but as a user I feel this empowers us, meaning more secure companies and more secure data. Up until now who could say this has not happened before maybe at smaller scales and people were profiting out of this and we could have never ever guessed about it.

This could bring more laws to protect our data and information and I'm all for it.

Maybe this was not the way, making every bit of information public to everyone is not good for anyone but again, how do you know no one has ever done this before?

Valid point, but shouldn't we be making a bigger deal about the criminals doing the hacking? Yes security is ideal in this world but it's not like Sony just left everybody's account info readily available to anyone on their homepage. Point is hackers cracked into the minimal security yet nobody seems to blame them. So you're saying it's ok for your neighborhood thug to break into your home because instead of having an alarm system, all you had was a simple key lock?

If you see a car parked somewhere with the keys on the door and you just take it, whose fault is it that it was stolen? The dumbarse who left the keys on the car door, the dude who just took it, both?

By law it's the dude who just took it since the car didn't belong to him but... on the other hand only a dumbarse would leave the keys there for someone to just go and take it and then report it stolen, wouldn't it?

UnknownSky said:

I just want to comment, didn't feel like reading all of 'em but here it goes,

If you hack,

Do it to break into the system and prove that you can. They will know that you did. Hell send them an email with all the user information and what not. But posting it onto a torrent site and what not? Seriously? LulzSec you are a disgrace as true hackers. DO NOT post sensitive information like that ANYWHERE. Now you have the law unfortunately that's going to toss you into jail and have you give crying blowjobs to Mister Bubba.

In the end,

Nuff Said. Good? Good.

Break it to break it.

Guest said:

@kibaruk: The insurance company would say it was your fault for leaving your keys on the roof... needless to say you wouldn't be covered.

Guest said:

Good to see everyone hating sony. About time that dirty company got what's been coming for so long.

Guest said:

lol when it rains it pours. People been saying forever sony screws people over they had it coming. Well so does the government, and countless other companies. Hackers need to grow a pair and hack someone of a challenge, sony is too easy.

Richy2k9 said:

hello ...

in fact it shows that SONY aren't being careful enough & thought it was a targeted attack against the PS division, but it's an attack against the whole company.

cheers!

Guest said:

...maybe they're thinking "any publicity is good publicity"? :x

catburst said:

can someone tell me how sony screwed more ppl than any other company like microsoft? or any other big names? why them?

Guest said:

I don't think entering the LulzSec site is 100% secure.

Leeky Leeky said:

I must disagree with your statement. This is not only justified but needed, I'm not against Sony or anything like that but as a user I feel this empowers us, meaning more secure companies and more secure data. Up until now who could say this has not happened before maybe at smaller scales and people were profiting out of this and we could have never ever guessed about it.

This could bring more laws to protect our data and information and I'm all for it

I agree with your last sentence especially - It's frankly unacceptable to keep information regarding customers of a private, or sell-able nature, unencrypted.

If you hold such information, you should expect the worst case scenario, and therefore be prepared for it. It really makes you wonder if Sony has learnt anything from the previous hacks that left their whole system wide-open.

If a company stores our information, it should be encrypted, end of story.

Guest said:

>>If you see a car parked somewhere with the keys on the door and you just take it, whose fault is it that it was stolen? The dumbarse who left the keys on the car door, the dude who just took it, both?

I'm sick of arguments like this. That and the 'breaking into a house' thing.

It's more like this:

You are having dinner with your husband/wife at a fancy hotel. You let the valet park your sports car for you, with the reasonable understanding that they will take care of it for you. Instead, they park it in the street, unlocked and with the keys in the ignition. All because they were too busy that night.

-OR-

You leave important documents in a safety deposit box at a reputable bank. Except they routinely left the safe unlocked, the codes written on a post-it note below the keypad and their security cameras were faulty. You would be much more forgiving if they had a full-scale robbery, with people shot and the safe broken into by force.

If it's your information and your valuables, then the extent to which you secure the car/house/whatever is up to you. If it's someone else's information and valuables then do your darndest.

That said, I don't condone the actions of the hackers. But if a company is going to ask for and keep your personal information, they should be required by law to look after it properly. That said, you can't defend against every contingency. But seriously, SQL injection??

Guest said:

Sony, Sony... have you not grasped the principle of:

The bigger you are... the harder you'll fall!

My guess is you will keep falling... for quite a while yet!!

Burty117 Burty117, TechSpot Chancellor, said:

gwailo247 said:

LOL, there is probably one division that hasn't been hacked yet, and its VP is getting real nervous.

"Chairman Stringer, should we beef up cyber security?"

"Nah."

"Are you sure, every single division except ours has been hacked, I'm 99% sure we're next."

"Are you 100% sure?"

"Well, of course not, nothing is 100% certain in life."

"Well then if you're not 100% sure, then we'll just keep things as they are and see what happens..."

Best Sony related Quote I have ever had the pleasure of reading!

Muggs said:

The main issue is that unless you are a geek and follow tech sites this hacking info is not being heard about on anything considered mainstream media. So it is all for naught.

TeamworkGuy2 said:

From: [link]

TeamworkGuy2 said:

:sigh: Sony, you need to pull it together.

You should realize that negative publicity on top of mega network failure on top of log-in exploits is not the way to impress customers :shake head:

:double sigh: Sony, if you won't learn from your mistakes, I won't feel bad for you.

Guest said:

@Catburst: just google OtherOS.

WTF, Sony! What kind of messed up company solicits your personal information and leaves it completely vulnerable to an SQL injection? Are you for real??? So angry. God I hate you, Sony.

And is there even really a question as to whose fault this is? What is with you people? Let me tell you, if a bank uses bubble gum to secure the money I deposited there, I WILL NOT BE BLAMING THE BURGLAR WHEN IT GETS ROBBED.

Kibaruk Kibaruk, TechSpot Paladin, said:

@Muggs: I hope the people whose accounts were given online think the same way you do.

BTW I doubt it. This undoubtedly hits Sony hard after what happened with such security risks one after another.

Guest said:

Using your argument in front of a judge will still result in the thief going to jail. The valet may end up with egg on their face and may lose some business but little would happen to them. While if I was a victim in your statement, I would be upset with the valet, but I would be really pissed at the thief.

In the end just because someone comes across a car on the street with the keys in the ignition and the motor running and windows down, does not excuse the thief from taking "WHAT IS NOT HIS/HERS".

Let's take your example a step further. Let's say you left your checkbook on the car seat when the valet parked it. Now instead of the thief stealing the car they take the checkbook and because they thought it was funny and a great way to teach the owner a lesson, posted blank checks all over town for anyone to come by and pick up and use. A few people go out and get fake IDs and cash checks all over the state. Ruining the owner's credit, draining their bank account and causing all manner of hardship to you and your family.

Why does a person or group decide they are the ones to pass judgement on others and are more than willing to commit crimes to deliver this judgement....how is this justice?

All you hacker supporters seem to think that they are doing a service to the great unwashed masses. They are not! They are little more than vandals at best and identity thieves at worst.

What I feel is honestly sad in this is a hacker used to be a person/group that would find security holes and expose them, SO THEY WOULD GET IT FIXED.

Kibaruk Kibaruk, TechSpot Paladin, said:

That my friend Guest, is why companies pay big bucks to security analysts for (Except Sony for what we can see lately).

Mizzou Mizzou said:

Hard to believe that Sony has been caught with their pants down yet again. Protecting customer confidential information is clearly not as important to them as protecting their precious intellectual property.

Benny26 Benny26, TechSpot Paladin, said:

Wow...This is just one giant facepalm from Sony.

I'm still not embarrassed to own a PS3 though.

felixandy101 said:

sony tried condemning the hackers and the freewill of pirates! now they suffer.... true that the end user suffers. but this is not because of hackers.....its because of Sony....

Zecias said:

SQL injection LOL

that means that anyone with a basic knowledge of programming could hack sony.

example1013 said:

They could've at least hashed the passwords before uploading everything.

Leeky Leeky said:

Wow...This is just one giant facepalm from Sony.

I'm still not embarrassed to own a PS3 though.

It's put me off owning one as a "blueray" for the home entertainment centre though!

Benny26 Benny26, TechSpot Paladin, said:

It's put me off owning one as a "blueray" for the home entertainment centre though!

Nooooo...! I feel hurt now
