Home / News / Internet News / Sony Hacked Again; Security Branded “Disgraceful”

Sony Hacked Again; Security Branded “Disgraceful”

David Gilbert



The IT guy over at Sony Towers must be getting pretty annoyed at this stage. Having just managed to restore the PlayStation Network (PSN) following one of the largest cyber-attacks in the history of the Internet, they now face another highly embarrassing breach where 1,000,000 Sony Pictures accounts were compromied.

Yes, it’s happened again. A group of hackers calling themselves LulzSec last night published on the internet a portion of the one million accounts they hacked including usernames, passwords, names, addresses, phone numbers and dates of birth. Lulzsec are the group behind the hack of the PBS website last week when a fake story about rapper Tupac being alive and living in New Zealand was posted for a number of hours. In a post on its website, which is currently offline, the group outlined what they did and, most worryingly for Sony and its customers, just how easy it was for them breach the security:

We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons."


LulzSec describes itself as a small group of hackers who feel “the drabness of the cyber community is a burden on what matters: fun.” The breach of SonyPictures.com was done with a very simple SQL injection, one of the most primitive and common vulnerabilities. “From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?” All of the data compromised was stored in plain text, which according to the hackers means “they were asking for it." LulzSec, which is based in the Bahamas, has even posted the code used online to allow anyone else who wanted to attempt the hack to do so for themselves. This will add to the embarrassment for Sony who are still trying to recover from last April’s breach. While this breach is a lot less damaging and was done for fun rather than financial gain, it has been picked up by media outlets throughout the world and will further damage Sony’s already battered reputation.

Associated Press managed to contact one of the people whose private information was published, an 84-year-old Elizabeth Smith, who confirmed the username and password published were correct and she had now changed them. She added that she was upset that Sony had not managed to protect her details properly.

LulzSec Twitter

Sony has yet to comment properly with Sony Pictures Jim Kennedy simply saying it was aware of the claims and they “are looking into these claims.” The IT guy at Sony Towers must be sweating now, wondering when or where the next attack will come.

Source: LulzSec


June 3, 2011, 2:23 pm

Although I feel sympathy for Sony, eg. I've personally had my Dedicated Server hacked into a few times, luckily only web defacement, and not personal information. But I do feel Sony's recent action say against GeoHot possibly put them in the firing line. Maybe the moral of the story don't take these guys to court, hire them instead.


June 3, 2011, 3:29 pm

Look I don't have much time for Sony, but even less for arrogant and unpleasant little brats like these. They call Sony's poor security "disgraceful". That suggests they care about Sony's customers. If they cared, why POST PEOPLE'S DATA online and SHOW EVERYONE ELSE HOW TO STEAL IT?? They could have been discreet, showing Sony first and giving them the option to respond; they could have alerted regulators in various countries; but then they wouldn't be able to stand on their soapbox and show off like the asses they are.

Employ them? No. Arrest them. Even better, find out who they are and post their names and addresses online for all to see. See how they fecking like it. Rant over...

Sam Wright

June 3, 2011, 7:11 pm

I think brats is certainly the word. Find them, sue them, then put them in prison, away from their computers. Then see how they fare in the real world. How they think what they do is anything other than pathetic I don't know.


June 3, 2011, 7:22 pm

I was on about hiring GeoHot, he jailbreaked the PS3 & iPhone, he never hacked into Sony. But by taken GeoHot to court all it's done is get the hacking community pissed, not ideal for a company that has a big web presence. I can guarantee getting angry about it, ARREST/ARREST/EXTERMINATE etc, won't help.

Hamish Campbell

June 4, 2011, 1:15 am

It's true about Tupac, he lives just up from my cuz in Wanganui.

Hamish Campbell

June 4, 2011, 1:18 am

Oh, and what a rockin granny, 83 and fraggin hard core on PSN! You l33t G-ma!

Judderman 1

June 4, 2011, 2:02 am

i think you have all missed the point .... at the end of the day they breached Sony's security with a 2 year old exploit, and this is after Sony have apparently "beefed" up their security. I hope Sony get sued for millions personally.....although i do not agree with the tactics, at the end of the day this has highlighted wot little regard big companies place on data security!


June 4, 2011, 3:30 pm

Keithe6e: GeoHot might well have been useful to Sony; on the other hand maybe they figured he wouldn't be a responsible employee but an unmanageable ass, which is reasonable. As for getting angry, I make no apologies: They are criminals, committing crimes. Suggesting that people responsible for data theft might be pursued through the criminal justice system doesn't seem that outlandish to me...


June 4, 2011, 10:28 pm

Why Sony? Again and again!!

Could it be that they hacked off the Hackers? In my humble opinion it has to be the conclusion.

All for what?

Last week "Filesharer sentenced to three years' probation - 58-year-old Scottish grandmother (former nurse) admitted downloading and sharing more than 30,000 music files" ( http://www.guardian.co.uk/technology/2011/may/31/filesharer-sentenced-three-years-probation?INTCMP=SRCH )

"Strathclyde police searched Muir's Ayrshire home following a formal complaint from the two music bodies. Muir was arrested after the police found computer equipment that contained 7,493 digital music files and 24,243 karaoke files."

Worth an estimated £54,000!!!!

Firstly, how the HELL can anybody make use of all these files?

I doubt even a professional DJ for parties and functions etc spends that kind of money on music?

It such such ridiculous extrapolation on which the phony 'losses' are computed: "According to research by Harris Interactive, about 1.2bn music tracks were illegally downloaded in the UK last year. The BPI estimates that those would have cost £984m if bought via retail sources, though it did not put a figure on how many sales were actually lost..."

Here's the REAL explanation for the downloads: she was "suffering from depression".

So why a sentence of 3 years?


June 5, 2011, 4:29 am

I never really liked sony computers that much but the customer service was dreadfull. I am not sure why these hackers did this but seems they dont like Sony either and for some reason just because you can do it and want to show it doesnt mean you should.

My Sony PS3 died recently so I dont play online games that much and dont have any payment details online so I am ok but my address details may be. If i do get identity fraud committed against me then I know were too look.

comments powered by Disqus