also @ TechSpot: OCZ Vertex 450 SSD Review

Shocker: Sony hacked again, over a million accounts compromised

By

On June 2, 2011, 5:57 PM Breaking News

sony, hacki

It's time for another installment in the never-ending saga of Sony's security blunders. Hackers have reportedly infiltrated the company's movie site, accessing the sensitive information of more than a million accounts. The group, known as LulzSec, claims to have breached SonyPictures.com and swiped users' passwords, email and home addresses, dates of birth, along with any information submitted as part of Sony's data opt-ins.

Detailing the attack on PasteBin, LulzSec said it penetrated the company's infrastructure with a rudimentary SQL injection. Described as "one of the most primitive and common vulnerabilities," the group said it accessed everything with a single injection. In a truly embarrassing discovery, LulzSec reports that none of the user information was encrypted. In other words, Sony stored more than million user passwords in plaintext.

"Why do you put such faith in a company that allows itself to become open to these simple attacks?" the group said. "This is disgraceful and insecure: they were asking for it." LulzSec has published the stolen data on The Pirate Bay. Besides tons of sensitive user information, the group included some 20,000 Sony music coupons, 67,000 "music codes," as well as the layout of Sony's database in case you want to pillage it yourself.

This breach follows a string of recent misfortunes. Sony was forced to disable its PSN and Qriocity services for more than a month after a massive security breach that affected tens of millions of users. That fiasco is projected to cost the company some $171 million and constributes to a massive $3.1 billion loss for its fiscal year 2010. Sony has faced several other attacks in recent months, which are becoming too numerous to list.

,

61 comments

User Comments: 61

Got something to say? Post a comment
  1. June 2, 2011 10:39 PM
    UnknownSky said:

    I just want to comment, didn't feel like reading all of 'em but here it goes,

    If you hack,

    Do it to break into the system and prove that you can. They will know that you did. Hell send them an email with all the user information and what not. But posting it onto a torrent site and what not? Seriously? LulzSec you are a disgrace as true hackers. DO NOT post sensitive information like that ANYWHERE. Now you have the law unfortunately that's going to toss you into jail and have you give crying blowjobs to Mister Bubba.

    In the end,

    Nuff Said. Good? Good.

    Break it to break it.

    Reply
  2. June 2, 2011 10:52 PM
    Guest said:

    @kibaruk: The insurance company would say it was your fault for leaving your keys on the roof... needless to say you wouldn't be covered.

    Reply
  3. June 2, 2011 11:15 PM
    Guest said:

    Good to see everyone hating sony. About time that dirty company got what's been coming for so long.

    Reply
  4. June 2, 2011 11:36 PM
    Guest said:

    lol when it rains it pours. People been saying forever sony screws people over they had it coming. . Well so does the government, and countless other companies. Hackers need to grow a pair and hack someone of a challenge, sony is to easy.

    Reply
  5. June 3, 2011 12:28 AM
    Richy2k9 said:

    hello ...

    in fact it shows that SONY aren't being careful enough & thought it was a targeted attacks against the PS division, but it's an attack against the whole company.

    cheers!

    Reply
  6. June 3, 2011 1:26 AM
    Guest said:

    ...maybe they're thinking "any publicity is good publicity"? :x

    Reply
  7. June 3, 2011 2:38 AM
    catburst said:

    can someone tell me how sony screwed more ppl than any other company like microsoft? or any other big names? why them?

    Reply
  8. June 3, 2011 3:03 AM
    Guest said:

    I don't think entering the LulzSec site is 100% secure.

    Reply
  9. June 3, 2011 3:06 AM
    Leeky
    Leeky, TechSpot Moderator, said:

    I must disagree with your statement. This is not only justified but needed, I'm not against Sony or anything like that but as a user I feel this empower us, meaning more secure companies and more secure data. Up until now who could say this has not happened before maybe at smaller scales and people were proffiting out of this and we could have never ever guessed about it.

    This could bring more laws to protect our data and information and I'm all for it

    I agree with your last sentence especially - Its frankly unacceptable to keep information regarding customers of a private, or sell-able nature, unencrypted.

    If you hold such information, you should expect the worse case scenario, and therefore be prepared for it. It really makes you wonder if Sony has learnt anything from the previous hacks that left their whole system wide-open.

    If a company stores our information, it should be encrypted, end of story.

    Reply
  10. June 3, 2011 4:05 AM
    Guest said:

    >>If you see a car parked somewhere with the keys on the door and you just take it, whose fault it is it was stolen? The dumbarse who left the keys on the car door, the dude who just took it, both?

    I'm sick of arguments like this. That and the 'breaking into a house' thing.

    It's more like this:

    You are having dinner with your husband/wife at a fancy hotel. You let the valet park your sports car for you, with the reasonable understanding that they will take care of it for you. Instead, they park it in the street, unlocked and with the keys in the ignition. All because they were too busy that night.

    -OR-

    You leave important documents in a safety deposit box at a reputable bank. Except they routinely left the safe unlocked, the codes written on a post-it note below the keypad and their security cameras were faulty. You would be much more forgiving if they had a full-scale robbery, with people shot and the safe broken into by force.

    If it's your information and your valuables, then the extent to which you secure the car/house/whatever is up to you. If it someone else's information and valuables then do your darndest.

    That said, I don't condone the actions of the hackers. But if a company is going to ask for and keep your personal information, they should be required by law to look after it properly. That said, you can't defend against every contingency. But seriously, SQL injection??

    Reply
  11. June 3, 2011 4:08 AM
    Guest said:

    Sony,Sony... have you not grasped the principle of:

    The bigger you are... the harder you'll fall!

    My guess is you will keep falling... for quite a while yet!!

    Reply
  12. June 3, 2011 5:52 AM
    Burty117
    Burty117, TechSpot Chancellor, said:

    gwailo247 said:

    LOL, there is probably one division that hasn't been hacked yet, and it's VP is getting real nervous.

    "Chairman Stringer, should we beef up cyber security?"

    "Nah."

    "Are you sure, every single division except ours has been hacked, I'm 99% sure we're next."

    "Are you 100% sure?"

    "Well, of course not, nothing is 100% certain in life."

    "Well then if you're not 100% sure, then we'll just keep things as they are and see what happens..."

    Best Sony related Quote I have ever had the pleasure of reading!

    Reply
  13. June 3, 2011 7:58 AM
    Muggs said:

    The main issue is that unless you are a geek and follow tech sites this hacking info is not being heard about on anything considered mainstream media. So it is all for naught.

    Reply
  14. June 3, 2011 8:54 AM
    TeamworkGuy2 said:

    From: [link]

    TeamworkGuy2 said:

    :sigh: Sony, you need to pull it together.

    You should realize that negative publicity on top of mega network failure on top of log-in exploits is not the way to impress customers :shake head:

    :double sigh: Sony, if you won't learn from your mistakes, I won't feel bad for your.

    Reply
  15. June 3, 2011 9:56 AM
    Guest said:

    @Catburst: just google OtherOS.

    WTF, Sony! What kind of messed up company solicits your personal information and leaves it completely vulnerable to an SQL injection? Are you for real??? So angry. God I hate you, Sony.

    And is there even really a question as to whose fault this is? What is with you people? Let me tell you, if a bank uses bubble gum to secure the money I deposited there, I WILL NOT BE BLAMING THE BURGLAR WHEN IT GETS ROBBED.

    Reply
  16. June 3, 2011 10:07 AM
    Kibaruk
    Kibaruk, TechSpot Paladin, said:

    @Muggs: I hope the people whose accounts were given online think the same way you do.

    BTW I doubt it. This undoubtetly hits Sony hard after what happened with such security risks one after another.

    Reply
  17. June 3, 2011 10:20 AM
    Guest said:

    Using your argument in front of a judge will still result in the thief going to jail. The valet may end up with egg on their face and may lose some business but little would happen to them. While if I was a victim in your statement, I would be upset with the valet, but I would be really pissed at the thief.

    In the end just because someone comes across a car on the street with the keys in the ignition and the motor running and windows down, does not excuse the theif from taking "WHAT IS NOT HIS/HERS".

    Lets take your example a step further. Lets say you left you checkbook on the car seat when the valet parked it. Now instead of the theif stealing the car they take the checkbook and because they thought it was funny and a great way to teach the owner a lesson, posted blank checks all over town for anyone to come by and pick up and use. A few people go out and get fake ID's and cash checks all over the state. Ruining the owners credit, draining their bank account and causing al manor of hardship to you and your family.

    Why does a person or group decide they are the ones to pass judgement on others and are more than willing to commit crimes to deliver this judgement....how is this justice?

    All you hacker supporters seem to think that they are doing a service to the great unwashed masses. They are not! They are little more than vandles at best and identity thieves at worst.

    What I feel is honestly sad in this is a hacker use to be a person/group that would find security holes and expose them, SO THEY WOULD GET IT FIXED.

    Reply
  18. June 3, 2011 10:31 AM
    Kibaruk
    Kibaruk, TechSpot Paladin, said:

    That my friend Guest, is why companies pay big bucks to security analysts for (Except Sony for what we can see lately).

    Reply
  19. June 3, 2011 11:24 AM
    Mizzou
    Mizzou said:

    Hard to believe that Sony has been caught with their pants down yet again. Protecting customer confidential information is clearly not as important to them as protecting their precious intellectual property.

    Reply
  20. June 3, 2011 11:51 AM
    Benny26
    Benny26, TechSpot Paladin, said:

    Wow...This is just one giant facepalm from Sony.

    I'm still not embarrassed to own a PS3 though.

    Reply
  21. June 3, 2011 11:57 AM
    felixandy101 said:

    sony tried condemning the hackers and the freewill of pirates! now they suffer.... true that the end user suffers. but this is not because of hackers.....its because of Sony....

    Reply
  22. June 3, 2011 12:20 PM
    Zecias said:

    SQL injection LOL

    that means that anyone with a basic knowledge of programming could hack sony.

    Reply
  23. June 3, 2011 1:27 PM
    example1013 said:

    They could've at least hashed the passwords before uploading everything.

    Reply
  24. June 3, 2011 1:56 PM
    Leeky
    Leeky, TechSpot Moderator, said:

    Wow...This is just one giant facepalm from Sony.

    I'm still not embarrassed to own a PS3 though.

    Its put me off owning one as a "blueray" for the home entertainment centre though!

    Reply
  25. June 3, 2011 2:34 PM
    Benny26
    Benny26, TechSpot Paladin, said:

    Its put me off owning one as a "blueray" for the home entertainment centre though!

    Nooooo...! I feel hurt now

    Reply

Recently commented stories

Comments page: 1 2 3

Post a new comment

Social Login & Guest Posting TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.
TechSpot on:

Most Popular

Trending Featured
More Trending Topics

Featured on PC Games

Downloads and Drivers

Downloads   Drivers  

KiTTY 0.62.2.3

mIRC 7.32

Actual Bookmarks 1.2

World of Warcraft Patch 5.3.0

Funny Photo Maker 2.4.1

More Downloads

Latest Discussion

Need advice on router-buy 8 replies on Storage and Networking

Network documentation 9 replies on Storage and Networking

What OC could I achieve with... 5 replies on Overclocking, Cooling and Modding

Graphics card compability 7 replies on Audio and Video

GTX 660 TI VS GTX 660 8 replies on Audio and Video

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.