Someone did it again. The LulzSec hacker group has compromised more than 1 million Sony Pictures accounts and had the opportunity to steal EVERYTHING. But the guys didn’t.
Due to the lack of resources, the hackers copied only a few thousand accounts and released them on various torrent trackers as a proof.
The guys over at LulzSec claim they broke into Sony Pictures database very easy and gained access to more than 1 million user accounts with all the associated information, 75000 music codes and 3.5 million music coupons.
Luckily for Sony, LulzSec didn’t want to steal and sell the account information. They copied a part of the accounts and published them on some torrent sites. The actual torrent contains 39000 email/password combinations and 12500 with email, password, address and birth date.
According to LulzSec guys, Sony has stored everything in plaintext, no encryption whatsoever. A simple SQL injection was enough to get all the data. Plaintext, again!
Sony promised it will change and strengthen its security after the PSN attack and yet it gets hacked again and again. I understand that Sony has lots of problems since the earthquakes in Japan, it is working on various projects (PSP2, PS4, phones, TVs, etc.), preparing for some expos (such as the upcoming E3), and lots of other stuff. But surely it could have been able to find time to put some encryption on every Sony associated accounts.
Sony is losing the trust of its loyal users, something that could bring down the whole company. Please, do something already instead of shiny PR, more shiny PR and apologies, otherwise this will end badly…or very badly.