Sony Hacked Again

Melanie Gross
Jun 4, 2011
Updated • Dec 15, 2014

It is no secret to anyone that between the dates of April 17th and 19th, still as yet unnamed hackers broke into Sony’s database and stole the personal data of more than 100 million users of Sony’s PS3 Network, Qriocity entertainment service and the online gaming network, Sony Online.

Sony claims to be using industry standard security measures and was forced to shut down their network for three weeks and revamp everything from the ground up. PlayStation Store was not back in action until the 1st of June.

It may surprise some, then, that after all of the media attention surrounding this major breach of security, that the group called "Lulzsec" is claiming to have attacked the servers yet again and say that they have walked away with unencrypted security information.

According to examples of their hacking as provided on Twitter (when challenged for proof of their claims) it looks as though they did indeed hack Sony networks and web sites, including Sony Music Belgium, Sony Music Netherlands and Sony Pictures. Lulzsec wrote, on the site of Pastebin, the following:

"We recently broke into and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’."

The sobering claim from Lulzsec is that the group says that not only did it gain access to with a single SQL injection, but, “What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it,” (as posted online). “This is disgraceful and insecure: they were asking for it. “

While it’s probable that the general public would not agree that Sony was asking to have its customers private information compromised, it’s hard to disagree on the point about nothing being encrypted. After such an unprecedented and well publicized attack in April, one can’t help but wonder how “industry standard” doesn’t require the encryption of sensitive information. Employee and admin passwords can well be looked upon as the gateway to everything else and with customers around the world, one would think that Sony would have a vested interest in protecting their private information. That certainly seemed to be the case when considering their swift response to previous hackings.

After careful consideration, most would agree that Beth Givens, director of Privacy Rights Clearinghouse has a good point. She suggests that Sony has resorted to using industry standards for security. “If that’s true,” she says, “then perhaps it is time to re-evaluate and even go beyond such standards.” Sony’s clients all over the world can’t help but agree. In the meantime, they should change their passwords and be on the lookout for suspicious activities on their accounts and be careful not to fall for fishing scams that appear to be from Sony.


Previous Post: «
Next Post: «


  1. fag said on July 5, 2011 at 10:32 pm

    it is 4:32P.M.

  2. Amber said on June 6, 2011 at 7:20 pm

    Melanie, on behalf of Privacy Rights Clearinghouse, thank you for including the quote from Beth Givens. We hope that the repeated data breaches will spark a robust discussion about increasing industry standards.

    ~ Amber, director of communications for Privacy Rights Clearinghouse

  3. Mornelithe said on June 4, 2011 at 3:10 pm

    Um, there were only 77 million PSN Accounts at the time of the Hack. Since Qriocity was through PSN, just wondering how it was supposed to be 100 million people?

    1. Anonymous said on June 9, 2011 at 2:16 pm

      24 mill where from Sony Online Entertainment

    2. Anonymous said on June 6, 2011 at 8:48 pm

      No the account info of their users was in plain text meaning if it was ever published its in their storage this include double accounts, old accounts, deleted accounts ect. so 100 million sounds about right.

  4. Marty Mcfly said on June 4, 2011 at 10:03 am

    Talk about yesterday’s news!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.