Sony 'looking into' new hacker attack

Japanese company says it is investigating group's claims to have made off with personal information for more than 1 million Sony Pictures accounts; Sony says "not related to PlayStation."

by

Last night, Sony brought its PlayStation Store back online, ostensibly marking the end of a six-week saga that resulted in hackers obtaining identifying information for more than 77 million PlayStation Network and Qriocity accounts, as well as an additional 24.6 million Sony Online Entertainment accounts. However, Sony's hacker problem does not seem to want to go away.

Sony remains the target of hackers' ire.

The Associated Press is reporting today that the hacker group LulzSec has launched a new attack on Sony, one that has compromised more than 1 million people's personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Fortunately for still-recovering PlayStation gamers, the target of LulzSec's attack was Sony Pictures website and not the PSN.

In a statement posted to LulzSec's website, the hacker group said that it had released the information it obtained through various torrent sites.

"Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money," the statement read. "We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts."

"Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons,'" the statement continued. "Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks."

The hacker group went on to say that the aim of its attack wasn't to build its own reputation. Rather, it hopes that this latest attack will "embarrass" the multinational mega-corporation.

"What's worse is that every bit of data we took wasn't encrypted," LulzSec said. "Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it. This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can."

Following up on that challenge, the AP reports that it has tested a swath of the information released and found it valid. One of those phone numbers found in the data, according to the AP, was for an 84-year-old Minnesota resident, who confirmed that the password obtained by LulzSec was indeed legitimate.

Responding to GameSpot's request for comment, a Sony Computer Entertainment America representative said of the matter, "It's not related to PlayStation." A Sony Pictures representative told the AP, "We are looking into these claims."

LulzSec shot to notoriety earlier this week, after taking over PBS.com and posting a story claiming that murdered rapper Tupac Shakur was alive, well, and living in New Zealand.

Discussion

Load Comments