Print 60 comment(s) - last by BansheeX.. on Jun 7 at 8:01 PM

Another day, another SQL injection exploit

Just when Sony appeared to be getting back on the right track with the full restoration of its PlayStation Network, LulzSec struck again hitting Sony right between the eyes. The group once again used an SQL injection tactic to gain access to the Sony Pictures account database.

This time around, LulzSec manage to obtain:   

  • 1 million user accounts (including passwords, email and home addresses, and data of birth)
  • All admin account details and passwords
  • 75,000 music codes
  • 3.5 million music coupons

In addition, there was even opt-in data that was accessible, which gives even more information about Sony's customers and their preferences.

The part that amazes LulzSec (and us for that matter) is that fact that Sony stored all 1 million user passwords in simple plain text files -- no encryption whatsoever was used. "It's just a matter of taking it," stated LulzSec in a press release. "This is disgraceful and insecure: they were asking for it."

The group went on to express its disdain for Sony and its security practices (or lack thereof): 

Our goal here is not to come across as master hackers, hence what we're about to reveal: was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? 

LulzSec has provided evidence of their latest "Sownage" on its site, which can be accessed here.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Reclaimer77 on 6/3/2011 12:16:19 PM , Rating: 2
As far as I know, there is no law that puts the blame on Sony here. You COULD argue negligence, but again, there are no legal standards for required security. Hacking and stealing private information, is of course, illegal. This is a no brainer.

Sony is most certainly being terrorized by this group, how you can look at it any other way only shows bias.

What should Sony apologize for exactly? Being hacked? Having exploitable security? Technically there is no such thing as a hack proof system if it's connected to the Internet in any way.

This is just more anti-corporatism. If Sony was a small company, they would be pictured as the underdog being kicked around by the mean old hackers. But because Sony is a multinational conglomerate, the hackers are almost looked upon as vigilantes for truth and justice, and Sony the big bad fatcat who needs to be taken down a few pegs.

Hacking is illegal, and this group has hurt millions of innocent individuals who have NOTHING to do with Sony or their quarrel with them. Any other opinion is simply wrong.

By JDHack42 on 6/3/2011 1:45:55 PM , Rating: 1
As far as I know, there is no law that puts the blame on Sony here.

Look up SAS70 audit standards. These apply to data centers. Now if the servers were hosted outside the US, maybe the standards don't apply.

By geddarkstorm on 6/3/2011 5:22:53 PM , Rating: 2
There's a difference between things being impossible to hack proof and someone making it through your best defenses with some clever tricks; and simply NOT HAVING DEFENSES.

There WAS no security to speak of, that's the point. Here we consumers are, being forced to give out private information so we can use the company's resources, and that company is doing nothing to safe guard this information which could be used to compromise other more important accounts. This is gross negligence. How easy would it be for another amoral company, or country, to steal this information quietly and use it for their gain, without anyone noticing? Lulz announced it on purpose, to get Sony to actually protect its stuff.

Heck, you can encrypt files on your home computer with three or four simple clicks under Windows 7. Sony has no excuse of any sort to leave such important personal data in plain text.

"There's no chance that the iPhone is going to get any significant market share. No chance." -- Microsoft CEO Steve Ballmer

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki