Another day, another SQL injection exploit

Just when Sony appeared to be getting back on the right track with the full restoration of its PlayStation Network, LulzSec struck again, hitting Sony right between the eyes. The group once again used an SQL injection tactic to gain access to the Sony Pictures account database.

This time around, LulzSec managed to obtain:

  • 1 million user accounts (including passwords, email and home addresses, and date of birth)
  • All admin account details and passwords
  • 75,000 music codes
  • 3.5 million music coupons

In addition, there was even opt-in data that was accessible, which gives even more information about Sony's customers and their preferences.

The part that amazes LulzSec (and us for that matter) is the fact that Sony stored all 1 million user passwords in simple plain text files -- no encryption whatsoever was used. "It's just a matter of taking it," stated LulzSec in a press release. "This is disgraceful and insecure: they were asking for it."

The group went on to express its disdain for Sony and its security practices (or lack thereof): 

Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? 

LulzSec has provided evidence of their latest "Sownage" on its site, which can be accessed here.




By Chaser on 6/4/2011 12:21:18 PM , Rating: 1
1. I'm growing tired of the sensationalizing of these sour grape sociopaths. They are angry lifeless cry babies that otherwise have lives beyond their keyboards and their comic book t shirts. Ahhh upset because of no more Linux on a PS3? Oh boo freaking hoo. This is a gaming console which can also play video disks. Spend your unemployment check or allowance on another product.

2. Anyone that thinks these morons provide some form of positive service to society? If they were that virtuous they'd privately forward their results to Sony so that Sony could address these vulnerabilities. But no, these "lolz" comic book stand nobodies would rather cheer behind a pathetic ansi image rather than save up $300.00 and buy their own rockin' Linux box -and some kleenex to blow their noses.

3. As it stands now it's the consumers that bought Sony products that suffer for this. So pointless analogies aside, no one deserves this. After Sony (AND ITS AFFILIATES) get things in order and they can go back to full operation Sony should pursue these -yes- idiots to the fullest extent of the law and prosecute them. In other words Sony and their customers should tell them to kiss their ass. Then let them bitch about Linux behind bars while they apologize to the true victims, the consumer.




By Veerappan on 6/5/2011 10:17:42 PM , Rating: 2
1. Linux compatibility was a feature that the console was advertised as having upon initial sale. Sony removing this feature pissed a lot of people off.

2. If I had a PS3 and my credit card had been leaked as a result, I'd be more pissed at Sony than at the hackers. Safeguarding your customers' private data is vital to maintaining your customers' trust. Sony has failed here. Even if Anonymous hadn't targeted them, someone else would have eventually.

3. And if Sony wants its customers to stay loyal, they should upgrade the security on their network-connected services.

I've been staying away from Sony products since the rootkit fiasco a few years ago, and the more time goes by, the happier I am about that decision.














Copyright 2014 DailyTech LLC.