Shameful: Yet Another Breach Showcases Sony’s “Disgraceful” Security

by Jordan Richardson on June 6, 2011

Sony has been hit by yet another massive data breach and this time around the hackers are getting downright cocky.

The hackers call themselves LulzSec (or Lulz Security) and this round took them to Sony Pictures in a bid to “highlight” what the group called the company’s “disgraceful” security measures. “Every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it,” LulzSec said in a statement. “They were asking for it.”

LulzSec apparently busted into Sony Pictures with what is being called a “basic” technique. Security experts agreed, noting on Friday that the company doesn’t seem to be taking security the least bit seriously.

“Any website worth its salt these days should be built to withstand such attacks,” said Graham Cluley of web security firm Sophos.

The data taken by LulzSec included passwords, email addresses, birth dates, home addresses, and phone numbers. LulzSec posted the information on their website.

For its part, Sony said it was “looking into the attack.” The company is reluctant to say that it actually occurred, but the Associated Press has verified that at least some of the numbers taken by LulzSec were real. The AP called 84-year-old Mary Tanning, a resident of Minnesota, and discovered that the passwords and other details were indeed correct. She said she was changing her password, good advice for anyone associated with Sony at this point – on any level.

A lot of the information on the Sony Pictures website is along the lines of sweepstakes entries and so forth, so the pool of data is considerable. It’s not clear how much information LulzSec obtained, although the group claimed to have compromised over 1,000,000 pieces of user information. “Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING,” LulzSec said in a statement.

Sony is not in anyone’s good books these days. The massive breach from April that forced Sony to shut down its PlayStation Network and Qriocity is still fresh in the minds of clients and the general public. And this comes on the heels of a May 24 breach of a music entertainment site in Greece and a May 25 breach that impacted 2,000 Sony Ericsson customers in Canada. Seriously, Sony?
