Sony suffer new hacking problem

[Dark Drakan]

This time not involving their PS3. According to reports this morning a hacker working on behalf of LulzSec who were responsible for the hacking and defacing of PBS.org's homepage has hacked into Sony Pictures customers accounts. They claim to have exposed 1 million peoples accounts with 75,000 music codes and 3.5 million coupons associated with Sony Pictures customers being affected too.​

LulzSec said they simply didnt have the manpower to collect as much of the data as they could have dont but they collected databases containing thousands of usernames. They arent believed to have taken them for profit but are merely poking fun at Sony's security. Something which has been heavily criticised as of late with PSN on their PS3 being hacked. They also claim that all the data taken was unencrypted and includes passwords, email addresses, dates of birth amongst other registration information. ​

Heres the quote from the hackers themselves:​

Greetings folks. We're LulzSec, and welcome to Sownage. Enclosed you will find various collections of data stolen from internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money. We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses,dates of birth, and all Sony opt-in data associated with their accounts.

Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons". Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.

Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in
a company that allows itself to become open to these simple attacks?

What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it. This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say
is true. You may even want to plunder those 3.5 million coupons while you can. Included in our collection are databases from Sony BMG Belgium & Netherlands. These also contain varied assortments of Sony user and staffer information.

 

[Vergil'sBitch]

How is this supposed to make account owners feel?:
1. "OH CR*P WE'VE HAD OUR DATA STOLEN! PANIC!!!!!"
OR
2. "We've had our data stolen, but that's okay, they were trying to expose Sony's lack of security.
Bragging about it? (Sorry that's what it looks like to me anyway.)

 

[Ebony]

I heard about this today and thought Sony again!!!! The hackers are twats and I'm beginning to like Sony less and less. >_<

 

[Dark Drakan]

How is this supposed to make account owners feel?:
1. "OH CR*P WE'VE HAD OUR DATA STOLEN! PANIC!!!!!"
OR
2. "We've had our data stolen, but that's okay, they were trying to expose Sony's lack of security.
Bragging about it? (Sorry that's what it looks like to me anyway.)

Normally hackers are paid to exploit flaws in companies software so they can release updates to fix the problems. The reason they did it was because it was so easy they felt the need to bring it to public attention rather than the company themselves. Just to embarrass Sony and to make them improve their security and stop using the stone age protection they have been.

The reaction they wanted was people saying 'How can Sony let this happen AGAIN and why havent they done more to keep our data safe?'. They have put all the 3.5 million music coupons online for the general public to use too instead of keeping them for themselves.

The way you have to think about it is...
If a small hacking group can get in and take all this data but not want it for personal gain and speak about it publicly and not want it for profit, what happens if a big criminal hacking group wants to get access to it to actually steal your personal information to sell or steal from you with and then not inform anyone.

 

[Vergil'sBitch]

Normally hackers are paid to exploit flaws in companies software so they can release updates to fix the problems. The reason they did it was because it was so easy they felt the need to bring it to public attention rather than the company themselves. Just to embarrass Sony and to make them improve their security and stop using the stone age protection they have been.

The reaction they wanted was people saying 'How can Sony let this happen AGAIN and why havent they done more to keep our data safe?'. They have put all the 3.5 million music coupons online for the general public to use too instead of keeping them for themselves.

The way you have to think about it is...
If a small hacking group can get in and take all this data but not want it for personal gain and speak about it publicly and not want it for profit, what happens if a big criminal hacking group wants to get access to it to actually steal your personal information to sell or steal from you with and then not inform anyone.

I never knew that about paying hackers. I just thought most hackers were ebil and out for themselves.
Thanksfor explaining it Dark Drakan. I suppose i just either didn't understand it, or just didn't know about it.

Does anyone think Sony will ever completely recover from these problems?

 

[Dark Drakan]

Does anyone think Sony will ever completely recover from these problems?

Of course, just a matter of them doing everything they can to sort out their security issues. A company as big as them shouldnt be having these issues in the first place. Can never totally prevent hackers as they will always find a way around security but it shouldnt have been anywhere near as easy as its been in both the huge cases involving Sony.

 

[Sparda's rejected son]

I just bought content from the PSN PSP store and this happens.. Granted this problem is about pictures (which I didn't know Sony had) but still it makes you wonder. Now how do u remove your credit card info from PSN PSP data base? lol

 

[Dark Drakan]

I just bought content from the PSN PSP store and this happens.. Granted this problem is about pictures (which I didn't know Sony had) but still it makes you wonder. Now how do u remove your credit card info from PSN PSP data base? lol

Go to Playstation's main website and log in Go to manage account> It will take you to another Playstation website where you need to log in again> Click billing info> Remove all credit card details.

Thread on it here on Gamespot.

 

[Sparda's rejected son]

Go to Playstation's main website and log in Go to manage account> It will take you to another Playstation website where you need to log in again> Click billing info> Remove all credit card details.

Thread on it here on Gamespot.

Your awesome dude, thank you!! ^_^

 

[Sparda's rejected son]

Darn I tried your advice and their other website is down. So I can't even remove my billing info. Sony you truly are PURE evil!!!!! Sigh. Thanks anyway dude. ^_^ I'll try again when they fix that website.

 

[Dark Drakan]

Darn I tried your advice and their other website is down. So I can't even remove my billing info. Sony you truly are PURE evil!!!!! Sigh. Thanks anyway dude. ^_^ I'll try again when they fix that website.

Should be other ways from Sonys site to get into your profile, just have to login and follow some links.

 

[Sparda's rejected son]

Should be other ways from Sonys site to get into your profile, just have to login and follow some links.

I should try and see if their are other ways to get into my own account. But the fact I have to do all this wondering around really is bad on Sony's part. PS2 never had these issues and in my opinion that's why PS2 was the best video game system, followed by Game Cube and than the Sega Genesis! ^_^ Anyway I'll try that, thanks again dude. ^_^

 

[Mr Anderson]

As far as I see it with everything happening and the network going down for a long time ****ed a few people off and Sony ****ed off the wrong people... the nerds who ca F*ck up everything and as you see like every week a new section of sony gets hacked i.e. Look at above talk of sony images.