Sony Hacked Again, Group Claims

Sony Hacked Again, Group Claims

www.theepochtimes.com

“Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons,’” it added.

The group baosted that it does not want to come across as “master hackers” but said that SonyPictures.com was breached by a mere single SQL injection, “one of the most primitive and common vulnerabilities.”

The group asked, “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

(visit the link for the full news article)

Sony Pictures was hacked by the group LulzSec (same group who posted fake stories on PBS's website).

The group released a bunch of user data on its website, uploaded torrents, and placed the files onto file sharing sites.

Lulz said that it only used a simple SQL injection to breach Sony's networks.

www.theepochtimes.com
(visit the link for the full news article)

HAHAHAHA this is so funny come on sony wow

SQL injection vulnerability in a company the size of Sony Pictures is abysmal. Either they are employing actors that played network security administrators, or they just actually hired idiots.
Its one thing for a fanboie site to be hacked that way, but not for a major industrial giant that people entrust a lot of their personal information to.
When is Sony (at large) going to wake up and realize that they are a target right now and need to shore up their vulnerabilities and harden their systems.

Although, if anyone who reads this is one of those hackers, it would really be funny to see a lot of copyright material pop up on their servers in some dungeon level storage drive. Then link out on one of those FBI watch sites and sit back and watch the fireworks.

Hah, talk about doing it for the lulz !

Originally posted by kuai137

Sony Hacked Again, Group Claims

www.theepochtimes.com

“Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons,’” it added.

The group baosted that it does not want to come across as “master hackers” but said that SonyPictures.com was breached by a mere single SQL injection, “one of the most primitive and common vulnerabilities.”

The group asked, “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

(visit the link for the full news article)

The worst part about this type of breach is that most SQL systems these days have out of the box SQL injection prevention. There are also programs that can check for these types of system flaws. Sony got caught with their pants down. lols.

All these people do is get the customers screwed over.

reply to post by wheresthetruth

SQL injection vulnerability in a company the size of Sony Pictures is abysmal. Either they are employing actors that played network security administrators, or they just actually hired idiots.
Its one thing for a fanboie site to be hacked that way, but not for a major industrial giant that people entrust a lot of their personal information to.

I do find it a little bit hard to believe that they were compromised for a second time by a simple SQL injection vulnerability, especially after claiming a complete security overhaul. My bet is the hackers have had this exploit saved for now or they have been working on finding it for the last few weeks.

If they were compromised again, in such a simple way, then it just goes to show why open source code is better. One tiny little mistake can make the whole system open to attack. And not only that, it doesn't even have to be a "mistake", you just have to forget to implement all the right precautions against attacks in every single bit of your code.

My email was hacked today which is linked to my PSN account.
They changed my password, security questions answer, DOB......it was also linked to my bank account which i have now changed.
Im pretty sure this has something to do with Sony being hacked in April or whenever this story is reporting....kind of a coincidence eh?

I am having a hard time just blindly accepting a simple SQL injection...

Though it seems it's Open Season on Sony...

www.foxnews.com...

According to a report in the Wall Street Journal, So-net Entertainment Corp., a Japanese ISP owned by the technology giant, said that hackers accessed its customer rewards site earlier this week and stole customers' redeemable gift points worth about $1,225.

The incident is the latest in a weeks-long string of hacks and breaches of security for Sony. The trouble began on April 19, when the company began investigating and ultimately discovered a massive breach of security on its PlayStation Network, a cyberscandal that compromised the personal information of more than 100 million users.

The PlayStation.com website was the target of later attacks, and on Thursday, the company took down a password-reset page it had built following the discovery of a "URL exploit" that the company insisted was not another hack.

Though a URL exploit sounds rather "n00bish" network admin to me. Unless this report about SQL injection and the last paragraph are referencing the same event.

www.engadget.com...

Oh, Sony -- not again. We've just received numerous tips that Lulz Security has broken into SonyPictures.com, where it claims to have stolen the personal information of over 1,000,000 users -- all stored (disgracefully) in plain text format. Lulz claims the heist was performed with a simple SQL injection -- just like we saw the last time around. A portion of the group's exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. We've downloaded this file (at our own risk, mind you) and can verify these sensitive bits are now in the wild, though it remains unclear if what's published matches reality.

In plain text format.... you've GOT to be kidding.... I mean... holy crap... What user account system actually stores stuff in plain text format these days? I am tempted to say it's got to be a hoax.... has anyone verified the accuracy of the data in the released file?

... And another thing... I realize these guys are all "champions against corporate negligence" .... but is it really necessary to release username/password combinations to the general public as part of the campaign ... against negligence...? I mean... talk about the frying pan to the fire....

A reference in that article links to: www.engadget.com...

now the Greek site of Sony BMG has been hacked and the account info of thousands of users has been posted online. According to the Sophos blog Naked Security, the attack does not appear to have been particularly sophisticated and was carried out using an automated SQL injection tool that demands more patience than skill.

So, apparently, this has been done before.

It would seem that Sony has not just struck, but actually attempted to rape, a beehive. With predictable results.

Though one would think that, before attempting such an obviously risky activity, some manner of protection would be afforded.

I don't know what Sony's IT guys are like right now... but I'd imagine they are looking for a change of careers. Having "Managed network security at Sony from 2008 through 2012" as a resume bullet will probably not be a very strong one when going up for IT positions. I'd probably just say I suffered burn-out and became a bum during that time... I don't really see how that could be considered inaccurate, given the events at Sony.

Originally posted by buster2010
All these people do is get the customers screwed over.

I was thinking the same thing...For example the first hacking which apparently compromised personal details of the PlayStation Network users...What if there massive credit card fraud/ or ID Theft? I don't have a playstation user but I would assume that would not be funny.

I would not be surprised if prices started going up. And Sony Blames Extra Security. I hope these people (The Hackers) get caught......... personally.

They would be getting alot of "LULZ" in prison....

Maybe Sony is way too blind to see our "insiders" ?

ill let you think about it

reply to post by ScepticDebunker


that is horrible news... is your email password the same as your psn password?
if not that is really scary

reply to post by SophyC76


No my PSN password was different.....but they changed my email security to lock me out....once they changed my hotmail password they locked my PSN account down too.

I had someone also attempt to change the password on my PayPal account....i got an email from them saying thanks for changing your email and gave me the new email address that they registered. It was a BtInternet account so i think they were in the UK

sold my ps3 last week. I can't imagine a scenario where I'd ever feel safe using thier products online again. they are a mark now for hackers and it's just gonna escalate.

Originally posted by kuai137

Sony Hacked Again, Group Claims

www.theepochtimes.com

“Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons,’” it added.

The group baosted that it does not want to come across as “master hackers” but said that SonyPictures.com was breached by a mere single SQL injection, “one of the most primitive and common vulnerabilities.”

The group asked, “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

(visit the link for the full news article)

CIAnon:“Why do you put such faith in a company that allows itself to become open to these simple attacks?”
"Better lock down the internet. Right guys?"
Elite: "yeah the public's free expression on the internet is getting in the way of our one world police state. So we turn it off..."

Originally posted by TheLogicalist

Originally posted by buster2010
All these people do is get the customers screwed over.

I was thinking the same thing...For example the first hacking which apparently compromised personal details of the PlayStation Network users...What if there massive credit card fraud/ or ID Theft? I don't have a playstation user but I would assume that would not be funny.

I would not be surprised if prices started going up. And Sony Blames Extra Security. I hope these people (The Hackers) get caught......... personally.

They would be getting alot of "LULZ" in prison....

edit on 2-6-2011 by TheLogicalist because: (no reason given)

Nahh they are a CIA proxy and they are not going to get caught.

This is a false flag.

reply to post by anonymous1


Nahh that's OK.

I don't like prison.

Yeah, very disgraceful.
The security and firewall they were running was 2005 or 2006 version.

Lazy to say the least.