Recent past:
In mid April 2011, Sony Computer Entertainment was subjected to external DDoS attacks. To further complicate matters, roughly a week later (on 4/20/11), the PlayStation Network was again attacked, but more severely.
Now:
A prestigious hacker group "LulzSec" announced that they had gained access to SonyPictures.com and stolen over 1 million accounts, passwords and sensitive user information. Shortly after the news broke, copies of the compromised data were surfacing on filesharing websites and BitTorrent trackers including The Pirate Bay.
The group left a message on PasteBin revealing the full extent of the intrusion, which includes thousands of email and password combinations, personal information (including names, addresses, dates of birth and phone numbers), nearly 3.5 million "music coupons" and over 60,000 "music codes". The group also announced that Sony's security was overcome by a simple SQL injection attack.
In a statement, the group said: "SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
The group also stated: "Every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."
The group has released much of the plundered data, though the released files contain only a small amount of the compromised data. Full databases have also been posted online, along with a database layout text document to aid the extraction of data. The database contains both military and government email and password combinations, as well as admin accounts for Sony Pictures Online.
The following excerpt was taken from the "FILE CONTENTS.txt" document that accompanies LulzSec's limited release:
Contents of our plunder:
## Sony_Pictures_International_AUTOTRADER_USERS.txt ## - In this file you will find just under 12,500 customers of Sony; this includes dates of birth, addresses, emails, full names, passwords, user IDs, and personal phone numbers.
## Sony_Pictures_International_COUPONS.txt ## - In this file you will find just under 20,000 Sony music coupons; please note that there are 3.5 million coupons to take - get them!!
## Sony_Pictures_International_MUSIC_CODES.txt ## - In this file you will find just under 67,000 Sony music codes; they're like magnets, I simply have no idea how they work.
and much more...
I haven't mentioned some 20 more file names, showing some pity to Sony!!
Future:
Well.. dear SONY, we didn't expect this from you. By the way, hats off to you LulzSec!! This is what a white hack means. LulzSec just exposed Sony's vulnerabilities and that's all.
PLEASE NOTE: This article is dedicated to my friend who was just boasting about SONY :-)
1 comment:
nice one...