Sony Hacked Again, 1 Million Passwords Exposed

  /     /     /  
Publicated : 22/11/2024   Category : security


Sony Hacked Again, 1 Million Passwords Exposed


Hacker group LulzSec releases 150,000 Sony Pictures records, including usernames and passwords, in latest setback for consumer electronics giant.



(click image for larger view)
Slideshow: 10 Massive Security Breaches
A group of hackers behind the recent PBS website breach said theyve now hacked into a Sony website. The hackers, who call themselves LulzSec or the Lulz Boat, said they exploited the Sony Pictures website via a SQL injection attack.
We recently broke into SonyPictures.com and compromised over 1,000,000 users personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts, the group said in a
Pastebin post
. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 music codes and 3.5 million music coupons.
The group released 150,000 records gleaned during its attack, saying it didnt have time to copy more. Those records also include material taken from exploited databases for Sony BMG in the Netherlands and Belgium, which contained further information about website users as well as employees.
From a single injection, we accessed everything, said the group. Whats worse is that every bit of data we took wasnt encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means its just a matter of taking it.
The records were released via a MediaFire file download, the LulzSec website, as well as via BitTorrent. By early Friday, however, the MediaFire file had been removed for violation and the groups website was unavailable, despite the groups
boasts via Twitter
about how its CloudFire backup would prevent the website from becoming unreachable.
LulzSec is the same group that
posted fake news
on the PBS website on Saturday in retaliation for a PBS Frontline documentarys portrayal of Julian Assange, the founder of WikiLeaks, and Bradley Manning, whos accused of providing WikiLeaks with massive amounts of classified information.
The Sony Pictures data exposure is the latest in a string of embarrassing data breaches suffered by Sony. Multiple Sony websites, including its PlayStation Network, were breached beginning in April, leading to more than 100 million user accounts being compromised, and at least one
class-action lawsuit
as a result.
In the wake of those attacks, seeing another Sony website property being compromised via a basic vulnerability sounds like a broken record, said Chester Wisniewski, a senior security advisor at Sophos Canada, in a
blog post
. Worst of all the hackers are exposing over a million people to having their accounts compromised and identities stolen simply to make a political point.
What should Sony Pictures website users do? The takeaway for the average Internet users is clear, said Wisniewski. Dont trust that your password is being securely stored and be sure to use a unique password for every website to limit your exposure if hacks like these occur.
Businesses should likewise be prepared, by ensuring that they cant be breached via the types of vulnerabilities that have scuttled Sony websites. Sony seems to have been compromised in such a negative and severe way, Im concerned that other organizations wont use this as a warning sign to analyze their defenses, and will instead adopt an it wont happen here mentality, said Ron Gula, CEO of Tenable Network Security, via email. Ive already seen executives in different verticals offer excuses that explain-away why Sonys issues dont affect their customers or employees--which is very alarming.
In this new Tech Center report, we profile five database breaches--and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk.
Download it here
(registration required).

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Sony Hacked Again, 1 Million Passwords Exposed