The Hacker News Logo
Subscribe to Newsletter

Sony Pictures hacked and Database Leaked by LulzSec

Sony Pictures hacked and Database Leaked by LulzSec
YES ! Sony Hacked Again once more by Lulzsec. The Target is  SonyPictures.com and It compromised over 1,000,000 users'personal information, including passwords, email addresses, home addresses,dates of birth, and all Sony opt-in data associated with their accounts.Also compromised all admin details of Sony Pictures(including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".


SonyPictures.com was hacked by a very simple SQL injection, one of the most primitive and common vulnerabilities.From a single injection, They accessed whole database. 


The worst thing is Sony stored over 1,000,000 passwords of its customers in plaintext, No md5 OR other type of Encryption.


The Leaked Data included databases from Sony BMG Belgium & Netherlands.These also contain varied assortments of Sony user and staffer information.


Message By Lulzsec:
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.


They upload the database to http://www.mediafire.com/error.php?errno=378 , But file sharing site Remove it very fast ! But Re-Uploaded to http://www.multiupload.com/F9TS8IYNUX


Torrent backup of Sony Pictures and Sony BMG: http://thepiratebay.org/torrent/6443601



According to the Associated Press, Sony is "aware of LulzSec's claim and looking into it."


The Associated Press also described accessing the user data posted by the hacker group online:


The data, carried in a plain text file posted to the hacking group's site, appeared to be at least partially genuine. The Associated Press called a number listed by LulzSec as belonging to 84-year-old Mary Tanning, a resident of Minnesota. Tanning picked up the phone, and confirmed the rest of the details listed by LulzSec – including her password, which she said she was changing.


"I don't panic," she told the Associated Press, explaining that she was very seldom online and wasn't wealthy. "There's nothing that they can pick out of me," she joked.


If confirmed, the breach would deal yet another blow to Sony, which suffered a massive cyber-attack in April that targeted credit card information through its PlayStation Network and Sony Online Entertainment networks. Company executives on Thursday faced questions from U.S. lawmakers over why consumers weren't informed more quickly about the breach. Over 100 million user accounts were affected and the company only recently was able to restore service.

Previous Sony Hacks:

Sony BMG Greece Hack, Complete Details Out !
LulzSec Leak Sony's Japanese websites Database !
Sony Ericsson Got Hacked by Idahc - Lebanese hacker
XSS Vulnerability found on Sony PlayStation Store Website


UPDATE :

The company later suffered attacks on websites including in Greece, Thailand and Indonesia, and on the Canadian site of mobile phone company Sony Ericsson as link given above..


According to Sony, 77 million PlayStation and Qriocity accounts have been affected along with 25 million Sony Online Entertainment accounts, bringing the total to more than 100 million in one of the largest data breaches ever.


Sony said Thursday that it has restored PlayStation Network services everywhere except Japan, Hong Kong and South Korea and partially resumed Qriocity.


Sony has estimated that the cyber attacks could cost it 14 billion yen ($172 million), not counting compensation claims.


UPDATE 2:
Sony Pictures still don't Believe that "THEY GOT HACKED". Have a look to the Facebook page update by them.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.