Sony hacked again, over 1 million passwords were unencrypted
By now, it is obvious that Sony has made quite a few enemies among the security experts. LulzSec, a hacker group known for its claim of successful attacks on PBS and Fox.com, successfully hacked into Sony on Thursday, compromising account information of Sony's 1 million customers.
Due to an earlier massive breach on Sony's PlayStation Network in April, which compromised account information of 77 million users of Sony's PlayStation Network, and another 25 million at Sony Online Entertainment, Sony was forced to deactivate the network.
On the same day Sony finally managed to re-activate the PlayStation Store and provide full PSN service, LulzSec announced its successful breach of servers at Sony Pictures and Sony BMG.
To underscore the point that Sony is unable to keep intruders out of its network, Lilzsec posted the stolen data, which included names, birthdays, addresses, emails, phone numbers and passwords of users who had registered for Sony's competitions run by its Picture Entertainment Website.
LulzSec claimed to have accessed the data using a simple SQL injection vulnerability.
From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? The group said in a statement. What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.
Sony said it was aware of LulzSec's statement and was investigating.
© Copyright IBTimes 2024. All rights reserved.