Sony Picture hack compromises millions of users' passwords

Share

107232-lulzsecs-lulz-boat.jpgDeary, deary me; Sony are having a mare of a time right now when it comes to security issues. No sooner do they get the PlayStation Network back to a fighting-fit state after last month’s damaging hack attack than they are hit with yet another blow. This time it’s the Sony Pictures website that has been hit.

A reported 1 million usernames and passwords belonging to users of the Sony Pictures Entertainment website (including those of admin personal and government officials) have been leaked online, as well as 3.5 million Sony Music coupons via a torrent package posted to the PirateBay site.

The attack is being attributed to an SQL injection from the hacking group Lulzsec, who left this tweet soon after the attack took place:

“1,000,000+ unencrypted users, unencrypted admin accounts, government and military passwords saved in plaintext. #PSNcompromised”.

It was then followed by this statement from Lulzec:

“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

Lulzsec have previously been behind hacking attacks on the X-Factor (posting every contestant’s name, address and phone number online) and the PBS News Hour website, where they posted a fake story claiming that the deceased rapper Tupac was still alive and well in New Zealand.

Yet another cyber security issue for Sony to sort out then. Are they moving fast enough to plug the obviously quite glaring holes in their security set-ups? Or are they being subjected to an unfair bombardment from hackers looking to make a name for themselves at the expense of an established multi-national brand? Share your thoughts in the comments section below, or via our Twitter account, @techdigestnews.

Gerald Lynch