It's time for another installment in the never-ending saga of Sony's security blunders. Hackers have reportedly infiltrated the company's movie site, accessing the sensitive information of more than a million accounts. The group, known as LulzSec, claims to have breached SonyPictures.com and swiped users' passwords, email and home addresses, dates of birth, along with any information submitted as part of Sony's data opt-ins.
Detailing the attack on PasteBin, LulzSec said it penetrated the company's infrastructure with a rudimentary SQL injection. Describing the flaw as "one of the most primitive and common vulnerabilities," the group said it accessed everything with a single injection. In a truly embarrassing discovery, LulzSec reports that none of the user information was encrypted. In other words, Sony stored more than a million user passwords in plaintext.
"Why do you put such faith in a company that allows itself to become open to these simple attacks?" the group said. "This is disgraceful and insecure: they were asking for it." LulzSec has published the stolen data on The Pirate Bay. Besides tons of sensitive user information, the group included some 20,000 Sony music coupons, 67,000 "music codes," as well as the layout of Sony's database in case you want to pillage it yourself.
This breach follows a string of recent misfortunes. Sony was forced to disable its PSN and Qriocity services for more than a month after a massive security breach that affected tens of millions of users. That fiasco is projected to cost the company some $171 million and contributes to a massive $3.1 billion loss for its fiscal year 2010. Sony has faced several other attacks in recent months, which are becoming too numerous to list.