Here we go again. Another Sony property has been hacked. This time the victim is Sony Pictures, and LulzSec has taken credit for the break-in. LulzSec also hacked into the Sony Music Japan website at the end of May. Do you want to know how LulzSec managed to pull off the hack? It used a SQL injection tool. This is the same method that was successful in every Sony website attack we’ve reported on over the past few weeks.
LulzSec is hacking into Sony websites just for fun, but the group has also taken it one step further by posting the information it stole. Over 1 million passwords, real names, birth dates, addresses, phone numbers and email addresses from Sony Pictures were made public.
“From a single injection, we accessed EVERYTHING,” LulzSec said in a statement. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”
What’s even more alarming is that LulzSec claims that the passwords weren’t even encrypted. They were stored in plaintext format.
LulzSec also stole administrative passwords for Sony Pictures along with 3.5 million music coupons and 75,000 music codes. Those codes are now floating around on The Pirate Bay according to BoingBoing.net.