Sony Hacked Again - gHacks Tech News

Sony Hacked Again

It is no secret to anyone that between the dates of April 17th and 19th, still as yet unnamed hackers broke into Sony’s database and stole the personal data of more than 100 million users of Sony’s PS3 Network, Qriocity entertainment service and the online gaming network, Sony Online.

Sony claims to be using industry standard security measures and was forced to shut down their network for three weeks and revamp everything from the ground up. PlayStation Store was not back in action until the 1st of June.

It may surprise some, then, that after all of the media attention surrounding this major breach of security, that the group called "Lulzsec" is claiming to have attacked the servers yet again and say that they have walked away with unencrypted security information.

According to examples of their hacking as provided on Twitter (when challenged for proof of their claims) it looks as though they did indeed hack Sony networks and web sites, including Sony Music Belgium, Sony Music Netherlands and Sony Pictures. Lulzsec wrote, on the site of Pastebin, the following:

"We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’."

sony pictures

The sobering claim from Lulzsec is that the group says that not only did it gain access to SonyPictures.com with a single SQL injection, but, “What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it,” (as posted online). “This is disgraceful and insecure: they were asking for it. “

While it’s probable that the general public would not agree that Sony was asking to have its customers private information compromised, it’s hard to disagree on the point about nothing being encrypted. After such an unprecedented and well publicized attack in April, one can’t help but wonder how “industry standard” doesn’t require the encryption of sensitive information. Employee and admin passwords can well be looked upon as the gateway to everything else and with customers around the world, one would think that Sony would have a vested interest in protecting their private information. That certainly seemed to be the case when considering their swift response to previous hackings.

After careful consideration, most would agree that Beth Givens, director of Privacy Rights Clearinghouse has a good point. She suggests that Sony has resorted to using industry standards for security. “If that’s true,” she says, “then perhaps it is time to re-evaluate and even go beyond such standards.” Sony’s clients all over the world can’t help but agree. In the meantime, they should change their passwords and be on the lookout for suspicious activities on their accounts and be careful not to fall for fishing scams that appear to be from Sony.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Marty Mcfly said on June 4, 2011 at 10:03 am
    Reply

    Talk about yesterday’s news!

  2. Mornelithe said on June 4, 2011 at 3:10 pm
    Reply

    Um, there were only 77 million PSN Accounts at the time of the Hack. Since Qriocity was through PSN, just wondering how it was supposed to be 100 million people?

    1. Anonymous said on June 6, 2011 at 8:48 pm
      Reply

      No the account info of their users was in plain text meaning if it was ever published its in their storage this include double accounts, old accounts, deleted accounts ect. so 100 million sounds about right.

    2. Anonymous said on June 9, 2011 at 2:16 pm
      Reply

      24 mill where from Sony Online Entertainment

  3. Amber said on June 6, 2011 at 7:20 pm
    Reply

    Melanie, on behalf of Privacy Rights Clearinghouse, thank you for including the quote from Beth Givens. We hope that the repeated data breaches will spark a robust discussion about increasing industry standards.

    ~ Amber, director of communications for Privacy Rights Clearinghouse

  4. fag said on July 5, 2011 at 10:32 pm
    Reply

    it is 4:32P.M.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.