Skip to main content

Sony suffers fresh website hack

"They were asking for it."

Dark blue icons of video game controllers on a light blue background
Image credit: Eurogamer

Sony is investigating a hack that's seen thousands of usernames and passwords posted on the internet.

Group LulzSec has claimed responsibility for the breach just days after it said on Twitter it was attacking Sony and making off with internal data.

The hackers published the names, birthdates, addresses, emails, phone numbers and passwords of thousands of people who had entered competitions promoted by Sony Pictures.

LulzSec said that a single SQL Injection flaw led them to more than one million clear text passwords, 3.5 million "music coupon" codes, and 75,000 "music codes".

None of the information it took from Sony was encrypted, the hackers claimed.

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now," the group said on its website.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

Sony Pictures this morning responded on Facebook. "We know many members of the Sony Pictures community may have questions related to recent news reports about attacks on SonyPictures.com and related Sony Pictures Entertainment websites," Sony said.

"We are looking into these claims and will let you know as soon as we have more information. Please continue to follow Sony Pictures on Facebook and Twitter for updates as they become available."

The Sony Pictures hack comes hot on the heels of the attack on PlayStation Network that saw personal details tied to 77 million accounts compromised.

Only this week did Sony turn the PlayStation Store on after over a month of outage.

Yesterday Sony Network Entertainment president Tim Schaaf defended the Japanese company's online security at a US House Energy and Commerce panel hearing, saying it suffered "quite a remarkable attack".

Read this next