Print 30 comment(s) - last by someguy123.. on Jun 10 at 4:41 PM

Sony claims LulzSec are liars and greatly exaggerated the number of records taken in a recent intrusion.  (Source: LulzSec)

A Sony Pictures Entertainment spokesperson claims only 38,000 records were lost.  (Source: LA Recording School)
Company says 38,000 users' data was lost, not 1 million

Sony Corp. (TYO:9684) issued a statement to DailyTech Thursday, in the wake of attacks that have compromised many of its web properties [1][2][3][4][5][6].

[A] Sony Pictures Entertainment spokeswoman [name redacted] writes us:
I am from Sony Pictures and saw your piece this morning on the attacks Sony has been under.  I wanted to point out that the 1 million number you refer to in relation to an attack was announced June 2 by LulzSec, however, the actual number is less than 38,000.  There is a notice on our web site: (click on the red banner)
The company's claims stand in direct contradiction with LulzSec's ("Lulz Security") claim:

We recently broke into and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses,
dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

The decision to claim LulzSec was lying seems a gutsy one on Sony's part.  Hopefully it doesn't backfire on them.

In related news, LulzSec published a heavily redacted email sent to Britain's National Health Service (NHS) warning them of security vulnerabilities that allowed the group to gain administrative passwords.  LulzSec praised the group's work, writing:

In celebration of little girls getting bigger bones, we're now emailing NHS and informing them of those admin passwords we took months ago.

Because if we fucked over those that give health, people would literally die laughing at our antics. Poor lungs = poor lulz, people.

In the email LulzSec writes, "While you aren't considered an enemy - your work is of course brilliant - we did stumble upon several of your admin passwords."

A spokesperson for the NHS told the BBC, "This is a local issue affecting a very small number of website administrators. No patient information has been compromised. No national NHS information systems have been affected. The Department has issued guidance to the local NHS about how to protect and secure all their information assets."

LulzSec, like the 4Chan-affiliated hacker group Anonymous, is loosely organized.  However the membership of the group is thought to be much smaller and more elite than anonymous.  Despite the fact that no-one is "in charge" the group managed to issue regular press releases.  The group sometimes doesn't publish the results of its findings, if it appreciates the compromised organization.  In other cases, like hacks on PBS and 2600 it has shown itself to remorseless at times.

Updated: June 9, 2011 5:17 p.m.

LulzSec graciously responded to these claims via Twitter:

"Sony Says LulzSec Lied About Number of Records Lost" - we didn't say we stole 1 million, we said we compromised 1 million. Silly @Sony :3 = ~1,000,000 total users split into various tables of ~200,000 (x2) ~300,000 (x1) ~75,000 (x2) and ~125,000 (x1)

@Sony tell everyone about how many users are in that SonyPictures database; users we accessed does not equal users YOU didn't protect. :D

(By the way, where's the link love, LulzSec?)

Well, looks like a difference of opinion -- or perhaps semantics is at play here.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Lulz
By omnicronx on 6/9/2011 4:29:36 PM , Rating: 5
I'm inclined to completely disagree with Sony. Read LulzSec's press release, it clearly states ' compromised (this being the key word here, that does not imply they seized this information)over 1,000,000 users', then goes onto state that they did not actually seize 1,000,000 units, but easily could have.
Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.
They didnt lie about anything, Sony is just playing the semantics game.

Had LulzSec actually taken the time to do so (which judging from their security had absolutely no idea about the intrusion until LulzSec made the claim), they most likely could have seized the entire thing.

Just seems like a terrible thing to claim for absolutely no reason. Full access is full access, the fact that not all of it was seized is completely irrelevant when it comes to Sony's security shortcomings.

Not to mention the repercussions from calling out LulzSec, especially when you consider the damage they could have done with the information had they chosen to do so.

RE: Lulz
By omnicronx on 6/9/2011 4:32:21 PM , Rating: 4
Here is the original press release:

And here is a summary of exactly what they claim to have seized for those interested..

RE: Lulz
By Lifted on 6/9/11, Rating: -1
RE: Lulz
By tastyratz on 6/10/2011 11:28:07 AM , Rating: 4
Absolutely! Sony is taunting the bull here and they are going to get the horns. Have they learned nothing so far?

Dear Sony,
Shut your damn mouth and fix your crap. Done

"If you look at the last five years, if you look at what major innovations have occurred in computing technology, every single one of them came from AMD. Not a single innovation came from Intel." -- AMD CEO Hector Ruiz in 2007

Copyright 2015 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki