Sony Pictures website hacked, 1 million accounts compromised

Hackers from a group called LulzSec announced on Thursday that they had breached sonypictures.com, the website belonging to Sony-owned studio Sony Pictures. The group claims to have compromised personal information belonging to over 1 million users, including user names, passwords, home addresses, dates of birth and other sensitive data. The group also claims to have accessed 75,000 “music codes” and 3.5 million “music coupons.” LulzSec says it employed a simple SQL injection technique to access the data, and that Sony Pictures’ site was not secure and was therefore easy to breach. The hackers did not have the resources to download all of the exposed data, but they say they did obtain samples in order to prove the authenticity of the attack. LulzSec’s statement on the breach is after the break.

Greetings folks. We’re LulzSec, and welcome to Sownage. Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money.

We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.

Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.

Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.

This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can.

Included in our collection are databases from Sony BMG Belgium & Netherlands. These also contain varied assortments of Sony user and staffer information.
Follow our sexy asses on twitter to hear about our upcoming website. Ciao! ^_^

[Via Forbes]

23 Comments
  • Anonymous

    wtf sony!!!!! wtf hackers!!!!!

    • Anonymous

      I was against the hackers until I read how easy they got in; if it’s true, I would rather it be these guys now than someone else later..

      I guess I need a new password for every single site I sign up for in case they get hacked..

      • http://ocentertainment.net ocentertainment

        For what it’s worth, a different password for every site is just good security. Pain in the ass, but good security. If it’s difficult to keep up with, you can always get password management software. You’d run the risk of someone only needing to know one password to get into all your accounts, but (with most programs) they’d need physical access to your machine, so it’s still probably safer than one or two passwords across all the services you use.

  • Anonymous

    All this because of Geohot?

  • Calvin Williams
    • http://pulse.yahoo.com/_6JUK2RDOPHCULTIFWTNRVQ4PYQ JonathanW

      haha, awesome

  • http://twitter.com/eroccia eroccia

    OUCH

  • serpentor

    Laughing Out Loud.

  • Anonymous

    Sony, Sony, Sony… damn. This is getting embarrassing.

  • Deytuk Ourjerbs

    Seriously though…it has to end some time, right? Lol

  • http://twitter.com/tiag0graca tiago.graca

    Should we trust online companies who gather our info? I don’t think Sony is the only one who can’t handle that precious information

    • Anonymous

      It’s not a matter of whether you want to trust your personal information to the internet or not; unless you’re using a browser like Tor, sign up for everything under an anonymous name, don’t allow any cookies, etc., then you’re already giving up personal information.

      Is there any company that would be able to withstand the constant hacking attempts that Sony is currently getting hit by? I’ve got my doubts.

  • sirpaul

    Sounds fake to me….will wait for a real statement from Sony before jumping to any conclusions.

    • Anonymous

      are you serious???? lol

  • Anonymous

    Sony really needs to start redirecting funds from their lawyers to their IT.

  • Anonymous

    If Sony spent as much time securing personal data as it did with DRM’ing its content, I doubt this would have happened.

  • Anonymous

    If I ever personally encountered one of these hackers I would torture them in a very Spanish Inquisition way.

  • Anonymous

    Haha fuck you Sony. Don’t mess with the real force behind technology.

    • KCRic

      Who would that be, some punk bi*ch hackers? Yeah, they’re the real force – they’ve contributed so much to society and technology. Before I forget to ask though – are you talking about legit ethical hackers or the little fagshits that think people really need them to breathe one more day? Not taking any blame from Sony on this either, companies never learn and really don’t care about our info any more than the hackers do. The only reason a company encrypts anything is to cover their own ass. Sony just didn’t care about that.

  • http://ocentertainment.net ocentertainment

    “This is disgraceful and insecure: they were asking for it.”

    That will teach Sony to walk around wearing mini-skirts and high-heels.

    • Daniel Wilson

      Careful not to herp too much derp there, person.  Raep terminology does not, I humbly repeat, does not apply in this situation.  When holding sensitive information in an environment known to harbour those interested in taking it, it is the holder’s responsibility to protect that information with a slight, detectable modicum of competence.  Not filtering for SQL injections and storing passwords in PLAINTEXT of all things is supremely incompetent and a breach of the implicit contract with their customers to attempt to keep their data safe.
