LulzSec has gained access to personal details of more than one million Sony customers. LulzSec says this includes ‘passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.’ Sony Pictures, Sony BMG Netherlands and Sony BMG Netherlands has been targeted and administration details, 75,000 music codes and 3.5 million music coupons have also been stolen.
LulzSec has only released samples of the data on their new website, saying they are underfunded. Many samples are derived from the Sony Sweepstakes databases which had codes for music and log-in data. The database for Sony BMG Music Entertainment Netherlands showed very weak passwords, often with similar usernames and passwords. Records, bar code details, sales reports and employee details were stolen from Sony BMG Music Entertainment Belgium.
LulzSec said, in a press release, that they used ‘very simple SQL injection.’ All data was plain-text meaning all details were visible without any more decryption. The group believes that Sony should be embarrassed for having an obvious vulnerabilities, adding that they did not want to be seen as ‘master hackers’
Previously, LulzSec attack Sony Japan as well as PBS, Fox and ATM details. LulzSec’s new website has experienced a DDoS attack, though the website was immediately backed up by CloudFlare which is displaying a cached copy.