Sony Suffers Fresh Data Breach

The hacker collective known as LulzSec claim to have released the records for more than a million Sonypictures.com user accounts, including passwords. The data released comes with a press release of sorts from the collective explaining what happened.

Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.

Oh Sony.

To validate the data, the Associated Press phoned up a few of the leaked numbers and confirmed that the information leaked was correct.

Sony have yet to release any statement on the security breach, or, at the time of writing, notify their customers.

In unrelated news; yesterday, Sony executives pledged support for a bill that “would require companies to promptly notify consumers if their personal information is stolen or exposed by a data breach”. Smooth.

via: The Guardian