James Helsby

Sony Pictures gets hacked. Again. One million passwords taken


Man, someone really wants to see Sony suffer. At least this time, the PSN network wasn’t taken down. Instead the target was Sony Pictures.

It seems that a group, identified as Lulz Security, has bypassed whatever measures Sony might have put in place with a simple SQL injection.

Now get this. It seems that the 1M user names and passwords were all stored in… Plain Text. Seriously.

According to Engadget:

A portion of the group’s exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. We’ve downloaded this file (at our own risk, mind you) and can verify these sensitive bits are now in the wild, though it remains unclear if what’s published matches reality. In addition to user information, the group has blurted out over 20,000 Sony music coupons, and the admin database (including email addresses and passwords) for BMG Belgium employees.

Seriously Sony, this is getting to be a running gag. In this day and age, security needs to be among the most important things a corporation invests in. After all, penetration through the gateways just makes it all that much easier to work through the network. Most corporations don’t just put a single web server up and out there; those servers usually have ties back to the main corporate network. And while most firewalls will prevent breach access, they often cannot impose any restrictions if the correct credentials are passed. Falling to an SQL injection is one thing, but leaving a user/password manifest in plain text? That’s just ridiculous.

Time to invest in a cryptography class, Sony. Next time it might be something more costly. Like say, PSN? (duh. duh. duh.)
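The two failures called out above, side by side with their fixes, as an added example (not code from Sony, Engadget or this post's author): a string-built query over a plain-text table versus a parameterized query over salted PBKDF2 hashes. The table names, sample accounts and PBKDF2 settings are assumptions made for the illustration.

```python
import hashlib, hmac, os, sqlite3

def hash_password(password, salt=None):
    """Return (salt, digest) from PBKDF2-HMAC-SHA256; iteration count is an assumed setting."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def build_db(users):
    """Constructed schema: one table stored the way the post describes, one hardened."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_plain (email TEXT, password TEXT)")
    db.execute("CREATE TABLE users_hashed (email TEXT, salt BLOB, pw_hash BLOB)")
    for email, pw in users:
        db.execute("INSERT INTO users_plain VALUES (?, ?)", (email, pw))
        db.execute("INSERT INTO users_hashed VALUES (?, ?, ?)",
                   (email, *hash_password(pw)))
    return db

def lookup_vulnerable(db, email):
    # Input is concatenated into the SQL text, so it can change the query's structure.
    return db.execute("SELECT email, password FROM users_plain WHERE email = '"
                      + email + "'").fetchall()

def lookup_parameterized(db, email):
    # Placeholder binding: the input is only ever a value, never SQL.
    return db.execute("SELECT email FROM users_hashed WHERE email = ?",
                      (email,)).fetchall()

def verify_login(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users_hashed WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    _, candidate = hash_password(password, row[0])
    return hmac.compare_digest(candidate, row[1])  # constant-time comparison

# Constructed sample accounts, not data from the breach.
SAMPLE_USERS = [("alice@example.com", "hunter2"), ("bob@example.com", "correct horse")]
TAUTOLOGY = "nobody@example.com' OR '1'='1"  # textbook injection test string

if __name__ == "__main__":
    db = build_db(SAMPLE_USERS)
    print(lookup_vulnerable(db, TAUTOLOGY))     # every row, passwords readable
    print(lookup_parameterized(db, TAUTOLOGY))  # no rows: input matched no email
    print(verify_login(db, "alice@example.com", "hunter2"))
```

Even if a query bug did expose `users_hashed`, each row holds only a per-user salt and a slow hash rather than a reusable password.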

(source) (official statement from Lulz)
