Click to Skip Ad
Closing in...

Sony Pictures website hacked, 1 million accounts compromised

Updated Dec 19th, 2018 7:17PM EST
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Hackers from a group called LulzSec announced on Thursday that they had breached sonypictures.com, the website belonging to Sony-owned studio Sony Pictures. The group claims to have compromised personal information belonging to over 1 million users, including user names, passwords, home addresses, dates of birth and other sensitive data. The group also claims to have accessed 75,000 “music codes” and 3.5 million “music coupons.” LulzSec says it employed a simple SQL injection technique to access the data, and that Sony Pictures’ site was not secure and was therefore easy to breach. The hackers did not have the resources to download all of the exposed data, but they say they did obtain samples in order to prove the authenticity of the attack. LulzSec’s statement on the breach is after the break.

Greetings folks. We’re LulzSec, and welcome to Sownage. Enclosed you willfind various collections of data stolen from internal Sony networks and websites,all of which we accessed easily and without the need for outside support or money.

We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.

Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have takenevery last bit of information, but it would have taken several more weeks.

Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

What’s worse is that every bit of data we took wasn’t encrypted. Sony storedover 1,000,000 passwords of its customers in plaintext, which means it’s justa matter of taking it. This is disgraceful and insecure: they were asking for it.

This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we sayis true. You may even want to plunder those 3.5 million coupons while you can.

Included in our collection are databases from Sony BMG Belgium & Netherlands.These also contain varied assortments of Sony user and staffer information.
Follow our sexy asses on twitter to hear about our upcoming website. Ciao! ^_^

[Via Forbes]

Read

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 10 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.