
Sony Pictures website hacked

LulzSec has been on a tear, infiltrating several websites and databases. They play "The Love Boat" theme song on their site.
STORY HIGHLIGHTS
  • This is the second security breach at Sony in just over a week
  • Hacker LulzSec announces they have compromised more than 1 million user accounts
  • Attacks underscore just how important it is for brands to keep their web servers updated

(Mashable) -- Sony is not having a good year. As the company scrambles to get the PlayStation Network and Qriocity music service back online, it's suffering from yet another security breach.

This time it's a hacker attack on various websites associated with Sony Pictures.

A team of individuals going by the name LulzSec, who recently managed to deface PBS.org's homepage, announced that they have broken into SonyPictures.com and compromised more than 1 million user accounts. An additional 75,000 music codes and 3.5 million coupons were also uncovered.

The attack, part of a campaign known as Sownage, was announced on Twitter and on the LulzSec website.

LulzSec said that it didn't have enough resources to copy all the data that it was able to access. But the group did manage to grab a collection of databases that contain thousands of usernames.

The accounts, presumably associated with any sort of registered activity on SonyPictures.com (or its subsidiaries or partners), contain information like passwords, email addresses, dates of birth and other Sony opt-in data.

This certainly isn't as dangerous as the information that was exposed during the PSN hack, but it could still be used to gain access to more important accounts elsewhere.

The scariest part of this attack isn't what was taken, but how easy it was for the LulzSec members to take it. According to the group's own press release, access to the main Sony Pictures website was gained using a very basic tactic called a SQL injection.

We haven't had a chance to examine the released files to see what this injection was, but it's likely that an out-of-date software stack and relatively unprotected web server made passing the injection trivial.

LulzSec says that all of the information it took was unencrypted.

"Sony stored over 1,000,000 passwords of its customers in plaintext," says the hackers' press release, "which means it's just a matter of taking it."

Seeing as this is the second security breach of a major Sony-branded website in just over a week, we have to ask: Is anyone at Sony employed to handle web security?

Sure, managing a large number of brands and properties that are often connected in name only has to be a challenge, not to mention the logistical and administrative challenges of managing websites that can store millions of user profiles. Still, that doesn't make up for what by all appearances is an abysmal security record.

LulzSec has been on a tear, infiltrating the websites and databases for the UK television program, "The X Factor," parts of Fox.com, Sonymusic.co.jp and many parts of PBS.org in the past three weeks alone.

The attacks, while often juvenile in nature and execution (the Lulzsecurity.com website plays the theme from "The Love Boat"), underscore just how important it is for brands to keep their web servers updated, hardened and monitored. In the age of simple publishing tools like WordPress, it's easy for managers to underestimate the importance of having someone on contract or on staff to keep data encrypted and protected.

We can only hope the most recent cyber attacks convince executives to think seriously about investing in online security.

See the original article on Mashable.com

© 2013 MASHABLE.com. All rights reserved.
