Just as the PlayStation Store comes back online and we start to think this hacking fiasco may finally be in the rear view, this bit of info comes up. Apparently, a hacking group by the name of ‘LulzSec’ has published information from over 1,000,000 accounts that they took from Sony Entertainment and Sony BMG websites.
Even worse than what they took is apparently how easy it was for them to take it. According to them, none of the information they acquired was encrypted.
This is what the group had to say after they carried out the process.
“Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
LulzSec promised yesterday that they would publish some of the information they took from said websites. While we’re not going to link the information for obvious reasons, we can verify that there is a page on their site that’s packed with e-mail addresses, passwords and other various data (though it’s likely already been taken down).
Although they’re obviously taking full credit for this particular incident, they’ve also claimed that they’re not the ones responsible for the PSN attacks from April.
Update: We did some additional digging and found ‘Lulzsec’s’ original statement about this situation. Apparently, despite what was originally reported, it looks like only a small sample of the account information supposedly taken was published on the web. Below is another small excerpt from their statement.
“We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts…
Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.”
To clarify, they’re claiming they did compromise information from over a million accounts, but only a small sample was published online.
InternationalGamer
I suspect this is all bullshit, if you claim to have compromised 1 million accounts, give me proof or shut the fuck up until you have proof. Don’t fill me with your bullshit that you do not have the money. If you claim something big, give the fucking proof instead excuses.
How many times is this going to happen, people claiming they have the information, while I actually never saw proof of leaked information after PSN went online. Was there any leak of personal information after PSN went online or was there even leak of information during the first attack while PSN was offline.
heedbaw
The problem I think us the amount of interest generated due to the PSN hack, which was quite widely reported. Hacks happen almost daily, it seems, and Sony seem to be more closely scrutinised since the aforementioned PSN hack because PS3 fans are paying attention to any attempts to attack Sony. This article supports that, as it’s unlikely to have been reported on TSA had the PSN hack not occured.
Lulzsec are probably just out for a bit of publicity. I’ve seen a fair few articles recently about security holes in numerous different sites. The difference being that the people that are serious about highlighting these problems tend to report it to the company(ies) involved first, and give them time to plug the holes before posting anything relating to the vulnerabilities.
Broonba
@JesseDeya
Well said mate…..it’s about time somebody saw through all this bullshit.
These assholes are after nothing more than to make Sony look bad & the press are lapping it up.
It’s a toss up between who are the biggest feckwits……personally i’d go for them that’s publishing this shit as “news”.
JesseDeya
Cheers, it’s a little frustrating that people are so freaking naive they’ll believe pretty much anything.
There is so much group think on the internet it’s slightly scary, and LulzSec seem to be capitalising on it. I’ve been trying to spread this message where ever I see this fud being posted and so far there have been at least a few people like yourself who understand – makes it worthwhile so thanks again. At least TSA did amend the original article after I posted (claiming ‘they’ did some additional digging around), but they didn’t change the overall message which is that this is FACT, when it is nothing but RUMOUR. Oh well.
iAvernus
I don’t understand what’s with all the hate for Sony.