Sony 'looking into' new hacker attack

Japanese company says it is investigating group's claims to have made off with personal information for more than 1 million Sony Pictures accounts; Sony says "not related to PlayStation."

Last night, Sony brought its PlayStation Store back online, ostensibly marking the end of a six-week saga that resulted in hackers obtaining identifying information for more than 77 million PlayStation Network and Qriocity accounts, as well as an additional 24.6 million Sony Online Entertainment accounts. However, Sony's hacker problem does not seem to want to go away.

Sony remains the target of hackers' ire.

The Associated Press is reporting today that the hacker group LulzSec has launched a new attack on Sony, one that has compromised more than 1 million people's personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Fortunately for still-recovering PlayStation gamers, the target of LulzSec's attack was Sony Pictures website and not the PSN.

In a statement posted to LulzSec's website, the hacker group said that it had released the information it obtained through various torrent sites.

"Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money," the statement read. "We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts."

"Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons,'" the statement continued. "Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks."

The hacker group went on to say that the aim of its attack wasn't to build its own reputation. Rather, it hopes that this latest attack will "embarrass" the multinational mega-corporation.

"What's worse is that every bit of data we took wasn't encrypted," LulzSec said. "Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it. This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can."

Following up on that challenge, the AP reports that it has tested a swath of the information released and found it valid. One of those phone numbers found in the data, according to the AP, was for an 84-year-old Minnesota resident, who confirmed that the password obtained by LulzSec was indeed legitimate.

Responding to GameSpot's request for comment, a Sony Computer Entertainment America representative said of the matter, "It's not related to PlayStation." A Sony Pictures representative told the AP, "We are looking into these claims."

LulzSec shot to notoriety earlier this week, after taking over PBS.com and posting a story claiming that murdered rapper Tupac Shakur was alive, well, and living in New Zealand.

Written By

Want the latest news about PlayStation Portable?

PlayStation Portable

PlayStation Portable

Follow

Discussion

328 comments
zinoalex
zinoalex

@connor24 Very good use of the term cracker. I t may have been a "hack" but what was done to Sony and others was done by crackers.I'm tired of folks cheering when Sony gets hacked by crackers and them creering those who diodi it on Someday they will be in their 30's or 40's and wil have extablished credit on their own. In other words Mommy and Daddy won't have helped. Let's see how much they like it then when someone with no life and a fast computer steals theit identity and thier personal information. Will it all be fun and games then? I wonder.

MagicOneUp
MagicOneUp

why do people still trusting in Sony.

s_h_a_d_o
s_h_a_d_o

@Connor24 Thank you for correctly posting with use of the term "cracker", rather than following the irresponsible trend demonstrated by most (and perpetuated by GS) in labelling them . There is a very important distinction here folks - please check your ignorance at the door.

afrodudeman123
afrodudeman123

how are they not in jail yet?? they boast about it everyday. Its not like there hidding.

Connor24
Connor24

[This message was deleted at the request of a moderator or administrator]

Philly1UPer
Philly1UPer

Why have no arrest been made yet? They are posting their acts of crime on a website that should easily lead them to these hackers/crackers by using hackers/crackers to figure out their information. The US Government has the ability to tap into any electronic device in the world, but they can't sniff out a few punk kids?

atomheart
atomheart

I don't condone what these hackers are doing but come on Sony. Passwords in plain text? Seriously?

huskerman34
huskerman34

These punks need to piss off. Whats done is done and lets move on. This is sad that no one goes after these punks. This is very concerning for a consumer. This is completely criminal.

fantasyfacade
fantasyfacade

I do not agree with what these hackers are doing at all. Its not the Sony that suffer, its the innocent people whose information was stolen and put into the hands of the wrong type of people who would use this to their benefits. As a friend of a person who endured identity theft I can tell you they suffer far more.

raptures330
raptures330

Too many people think hacking and hackers are like in the movies. 60 second break-in to a high security system that allows control of things not even connected to it. Example: "Lower gas prices" hack. Really? ~.~ "I have gained control of grandmas wheelchair. We are in!" "But... how? It isn't even connected to anything or has any electronic parts!" "Shh... your logic is getting in the way of my awesome."

Ravenlore_basic
Ravenlore_basic

Where to begin. People who cheer on the hacking of Sony I wonder if they cheer when hackers get information from their courtry. When their account, or home computer gets hacked? Like everything else people are people and and cheer what they do not like and hate the same behavior when its aginst them or something they like.

lifemeister
lifemeister

@Sokcr Hey dude, don't sweat it. If you go read comments in 360 articles you'll find the same kind of idiots talking stupid about MS-XBOX. Don't let a few numbskulls change the way you feel about a piece of hardware. Keep up the good gaming...gamer. :)

subtenko
subtenko

@deathwish026 they wernt hacked by children. It was the start of a breach that failed because Sony's security took notice and they took psn down themselves. The important info was encrypted.. btw xbox360 gets hacked on a regular biases by children as a FACT. and they hired that 12 year old too cause M$ is scared of them instead of fighting them like Sony does LOL

TTDog
TTDog

@SolidTy: Good point... except they aren't targetting "companies" they're targetting just one company... one whose arrogance and attitude hasn't made them very popular.

Spacerac
Spacerac

@SolidTy good point. Hell, they could hack the gas companies and lower their prices to $1.50 or $2 a gallon because the ish they're charging now is ridiculous! But one sector of Sony offends and now all sectors gotta pay.

XboxGuy1537
XboxGuy1537

@Rovelius It's not good for me, It's not good for anybody.....I really enjoy the PS3's, but I can hope they can update their security system.

lilrobda1
lilrobda1

derek_brown It's only right if the hackers do it. The world becomes balanced again.

GunGriffin
GunGriffin

ROFL! LOL! OMG................. Thats all I can say.............

zinoalex
zinoalex

I'm always surprised aty how many here defend the actions of the hackers. I have tried to stay neutrakl in this issue. It affects me as I know my info was stolen.There's nothing funny or flippant about that. All the users who had their info stolen(identity thift) did nothing to deserve this.But one is thinking about the innocent customers.And yes, Sony is partially to blame. I 've stated that before and I won't get in to it again here. I have no grudge against the hackers, but let's have an open debate, not a one-sided one.

MOwens9512
MOwens9512

File this under the "duh" section. I said it before that they weren't going to stop until they could tear down Sony. Not that we know if this claim is true or not, but it's definitely not unlikely that someone else went at Sony. They're going to keep trying to ward people off of the brand until they are caught it seems. It's just sad that they have such a strong reaction to Sony actually going after someone who cracked their merchandise like they did. Makes you understand why you seldom hear about other companies making a stand like this openly. Sure, everybody goes after hackers but Sony went public and loudly announced their victory and it left a bad taste in the losers' mouth. Just sad that the consumers and ultimately lower level employees (who'll probably lose their jobs when Sony tries to lessen the blow of their financial loss) are the ones who'll suffer the most from this. Damn shame.

lonewolf1044
lonewolf1044

Not everybody is entitled to that Welcome back program in which they failed to tell everybody when it was mentioned that you had to be enrolled into PSN prior to 20 Apr 2011. I know they is going to be some angry customers about that.

Sokcr
Sokcr

So another attempt to make sony look bad when it makes some of us 360 users look worse. Seriously this new age of console wars is stupid, everytime i read these news articles i kind of feel ashamed for owning a microsoft system. But furthermore, at least this time the hactivists actually owned up to it but hey they might back out of the claim once they figured out exploiting personal information is a federal crime

Ronnie_Rim
Ronnie_Rim

I guess Sony was lying about those "extra layers of protection" that they put up when PSN was down.

zennioparty
zennioparty

Druggernaut, in all honesty though, why did you buy a Go?

zennioparty
zennioparty

I still want to know how can they not have had the welcome back stuff ready by now? I mean really. As I said, I just want to get this stuff back now before before something else happens, lol.

blueman55
blueman55

@dRuGGernaut Preach On Reverend.... evn though i have a PS3

dRuGGeRnaUt
dRuGGeRnaUt

@TheHH you have to remember, even if said console company PURPOSELY messes up, the fanboys will defend it. Your comment about "why is the password info stored in plain text??!?" is completely valid, however with the past 6weeks+ psfans have become extra volatile due to frustration, but do to being unable to take it out on their beloved "SONY", they come on here and thumb down people making rational statements about the situation. BEING MAD ABOUT THIS IS OKAY, doesn't mean PS3 sucks, just means sony is messing up BIG TIME. It's like people defend the RRoDs.. Just makes you look rediculous. Both were problems, both were the fault of the company, now look where MS is, fine, so there's no reason to worry about admitting that Sony messed up. Get over it. move on everyone.

dRuGGeRnaUt
dRuGGeRnaUt

I have been trying to reset my psn password for 2 weeks for my psp. You have to do that on computer. anytime i try it says, "site down for maintenance". So i phoned sony yesterday. Took 32 minutes. guy answers phone, i told him ive been trying to reset it for 2 weeks, he said "yes that part of our system is down right now", i said, "no, ive been trying for 2 weeks." he said "since yesterday we have been having problems", i said once AGAIN that id been trying for TWO WEEKS. he said no, and to try every 1 to 2 hours until it works. also to re send the password reset email too. How much time do these people think i have? He expects me to sit, every hour and re try this otherwise i might not "get in the window before it shuts". what does that even mean? Will PSN EVER function like it did? PS: i have a psp go i bought a week before "the attack". Needless to say, i am getting my free games, then im out.. WORST experience with a product EVER.(for me)

Hvac0120
Hvac0120

The hackers should be able to make their point without publishing identifying information on people for the world to see. For both the PBS.com and SonyPictures.com attacks they stole identifying information and published it. Why can't they just be happy with proving to the company they did this? People are already upset with Sony's lack of security. Now these hackers are just making themselves look bad.

blueman55
blueman55

SONY SONY SONY.... And u want us to buy your PS4 when u have our passwords etc exposed to hackers. Maybe in another lifetime

ProjektInsanity
ProjektInsanity

First off, I'm finally going to collect a FAT 10 bucks from my friend. It took 15 years to prove it, but I'm finally there. Oh man, I'm salivating in anticipation of how I'm going to spend it. I love you Tupac! Second, while I've previously been backing Sony (mostly) throughout this ordeal, this is getting a little sad. A top-tier corporation that doesn't encrypt passwords? Come on. Still, the grimmer reality here is that it just so happens hackers are infatuated with Sony at the moment, but really, this could be any online site. While it can be fun to laugh at the big guy who gets caught with his pants down, this could've been any number of a thousand online sites. Do you guys honestly think that every website has a state-of-the-art, impenetrable security system with a team of specialists operating 24/7 to keep your precious information secure? I very much doubt it. If a hacker chose to focus on any number of the sites I regularly use to do business, chances are they'd eventually get my information.

rasterror
rasterror

I guess this is what Sony gets for their nice little rootkit.

Phatjam98
Phatjam98

It is amazing too me. All you kids calling for a hack of the 360 or MS and bashing the hackers. You are so blinded by you love of the Playstation that you cant see that Sony has taken its clients for granted in the worst way. This is Sony's fault an no one else. Even if MS was to get hacked, I promise you that password information is kept encrypted and various personal data is kept in separate locations. Stop giving Sony a pass on its bad business practice and hold them accountable and you may get better service. This is the second big attack on Sony in 3 months that has been wildly successful. We should all expect hack attacks, but they should never be this effective or gain this much info, period.

Phatjam98
Phatjam98

@TheGreatXL how are the hackers kicking Sony when they are down? Sony is a tech company, and they have a total disregard for their clients personal data. Hackers like these ones aren't trying to steal anyones identities and they aren't doing this and keeping quiet in order to do anything malicious. They haven't even posted all of the data online. They did what hackers should do, expose a failure on a companies part and force that company to do much better. Sony has failed over and over now to fix their lack of security. Ask anyone that works with passwords, you never store this info in plain text form, always always always use some hash protection/encryption. Simple as that. Sony has failed.

rasterror
rasterror

Sony's passwords must either be 1234 or asdf. If Sony was smart, which it doesn't appear to be, they would've shut down all of their servers and beefed up security worldwide. They honestly haven't learned. So now instead of just costing them money in the short term it's gonna cost them and their consumers money and their trust in the long run.

Spacerac
Spacerac

Honestly who would you believe here? Sony or these criminals? Who is obviously the lesser of the two evils?

Farro
Farro

Downloading Dead Nation and Infamous right now - nice one Sony

RPGFan4tic1985
RPGFan4tic1985

I find it hilarious that probably 99% of people clamoring about the violation of their precious "private data" have exposed themselves on no less than 4 or 5 other sites. Your information is not safe, it never is. Whether your address and phone numbers are in plaintext under Sony's care or elsewhere, if you think that in this digital age your information is ever really safe you are way too naive. Plaintext passwords = stupid, I agree. But still it's so funny that people are flipping out over their "sensitive private data" when it is almost certainly being passed around in spam circles already.

ggregd
ggregd

@malatato Sony says it's not related, but it is. It's related to their overall lax corporate attitude toward security. It adds insight into why this happened to PSN. Unencrypted passwords. That's unbelievablely lazy. You said yourself that you hate Sony. Doesn't help your credibility.

malatato
malatato

It is nice to see people who are asking to the so called "Hackers" for a untethered jailbreak in their Iphones or a Root for their Android devices are the same people who bash them in this thread... pathetic

MuffintopX
MuffintopX

All hackers please die in a fire. The world literally doesn't need any of you for any purpose whatsoever. And your lame "reasons" for hacking things are so backwards and convoluted you think you are heroes, when you are actually the terrorists. Maybe you will understand when you turn 18.

Neophyte555
Neophyte555

gee, the comments are filled with xbox 360 fanboys. why am i not surprised?

gawthy
gawthy

How would i know if they got my info. I dont care if they said that Tupac is alive it could be said to think they are amatures. Hackers find ways to access info and slowly build up enough data to get an id of some sort which means some hacker could have my info and slowly using it for bad reasons.

malatato
malatato

[This message was deleted at the request of the original poster]

penpusher
penpusher

ok...show of hands from anyone whos actually impressed .. .. .. anyone?

penpusher
penpusher

@monson21502 that comment just shows your ignorance. What about the users who details were stolen? Did they deserve it?