
Sony hacked again, 1M passwords hit


Post by Justin_Romile on Sat Jun 04, 2011 11:13 am

Hackers struck anew against Sony, breaking into the website of its movie arm Sony Pictures and posting the stolen data online.

LulzSec, which had earlier broken into the sites of Sony Music Japan and Public Broadcasting Service, claimed to have compromised the private data of over a million Sony Pictures customers.

"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million 'music coupons,'" it said in a release on its website.

It pointed out that none of the data on the hacked Sony sites, including the users' passwords, was encrypted.

LulzSec added the collection of data it posted online included databases from Sony BMG Belgium and Netherlands.

Among the supposed data LulzSec claimed to have posted on its site were those of Sonypictures.com, such as:


Sonypictures.com AutoTrader users database
Sonypictures.com Sony Wonder coupons database
Sonypictures.com Sony Wonder.music codes database
Sonypictures.com Seinfeld Del Boca Vista database
Sonypictures.com database tables
Sonybmg.nl partners and admins database
Sonybmg.be users database

"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?" LulzSec said.

"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it," it added.

Earlier attacks on Sony sites had included those of its mobile phone arm Sony Ericsson's Canadian e-commerce site last May.

Online security firm Sophos' Chester Wisniewski said the information disclosed includes approximately 150,000 records.

"This sounds like a broken record... Passwords and sensitive user details stored in plain text... Attackers using 'a very simple SQL injection' to compromise a major media conglomerate," he said in a blog post.

Worst of all was that the hackers are exposing over a million people to having their accounts compromised and identities stolen simply to make a political point, he said.

He added companies collecting information from their customers have a duty to protect that information as well.

"In addition to employing proper encryption to protect against theft or loss, companies should work with reputable penetration testers to validate their security plans," he said.