Sony has been hacked again. It wasn’t long ago that the PSN network was hacked and only recently was it fully restored. Now the same hacker group, LulzSec, has hit Sony with an SQL injection attack, the same exploit it used when it originally gained access to the Sony Pictures account database. LulzSec was able to grab 1 million user accounts which includes passwords, email addresses, homes addresses, and the DOB of the respective owners. But it doesn’t stop there. All admin account credentials, 75,000 music codes, and 3.5 million music codes were also taken.
LulzSec was also able to access “opt-in” data about Sony’s customers which gives them a look into their individual preferences. It is said that Sony stored the 1 million user passwords in a plain text file that was not encrypted. LulzSec has said, “It’s just a matter of taking it, this is disgraceful and insecure: they were asking for it.”
LulzSec is quoted as saying:
Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?
This is not looking good for Sony.