Hackers claim theft of 1m passwords from Sony
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Stealing unencrypted, plain text password file was "just a matter of taking it", says hacker group LulzSec
In yet another embarassing data breach for Sony, a group of hackers has claimed that it stole over 1 million user passwords from the Japanese company's TV and film division.
"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," Lulz Security said in a statement.
"Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million 'music coupons'," it said.
The group said their latest hack was carried out using a simple technique called SQL injection, the same method was used in similar attacks on Sony last month.
"Every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it." the group said. "From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
Sony is reported to be investigation the group's claims.
Lulz Security, which calls itself a "cyber community" and does not affiliate itself with any country or politics, say it is behind a string of recent cyber attacks, including those on Sony Music, PBS and Fox.com.
On their website, the group says, "we have now taken it upon ourselves to spread fun, fun, fun, throughout the entire calendar year."
The website lists all the hacks recently carried out, including those of eight Sony databases all listed on the the 2nd of June.
Sony said is is investigating the attacks, but gave no further response. No group has claimed responsibility for the April attacks, in which over 100 million customers' details were stolen.
