A new hacker collective pilfered more than a million personal passwords, emails and dates of birth.
After weeks of threatening on its Twitter feed to hack into Sony’s systems, a group that alternately calls itself LulzSec and the Lulz Boat has finally made good on project “Sownage” – that’s Sony + ownage in case you confused the term with planting crops. The Lulz Boat infiltrated SonyPictures.com today and allegedly stole over 1 million users’ personal information with a SQL injection. The group claims that much more could have been nabbed if only they had the resources (read: money) to make it happen, prompting a request for donations. All of the personal information that LulzSec was able to steal despite meager means is now posted online, along with a press release stating their intention was merely to call out Sony’s botched security measures.
“We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” LulzSec’s statement read.
The attack was not made maliciously but in order to instruct the public about Sony’s awful security practices. “Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed everything. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
Sony apparently didn’t have the wherewithal to encrypt the personal information collected on SonyPictures.com. “What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
I’m not sure that kind of rape-logic holds up, but LulzSec does have a point. Sony is a big company, with lots of interchangeable parts, but you’d think database security would be at the top of every division’s to-do list right about now.
Thanks to ckeymel for the awesome-est tip in the world!