On the heels of a Memorial Day weekend hack of the PBS website – an act of retribution for an unflattering Frontline report on Wikileaks, the prankster-hackers LulzSec have found their next target. And it’s a target that’s just recovering from another security breach, namely Sony.
LulzSec claims to have broken into the Sony Pictures website and compromised over a million users’ accounts.
According to the group’s statement, this includes “users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.” The group also says that it’s breached the site’s administrative security and has passwords, 75,000 music codes and 3.5 million music coupons.
The group claims to have accomplished this via “a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.” Indeed.
Although Sony has yet to issue a statement about the break-in, Lulzsec has posted a sample of the data in order to substantiate its claim.
The news is the latest in a series of disasters the Japanese company has faced this year, reflected in the double-digit percentage loss of revenue it posted last week. Sony’s Playstation Network was hacked in April, exposing the personal data of some 70 million customers. The network announced that all systems were back online this week, just in time for hackers to strike a different Sony subsidiary apparently.
