One Million Sony Customer Details Stolen by LulzSec

Sony Pictures
Via Sony Pictures

LulzSec has gained access to personal details of more than one million Sony customers. LulzSec says this includes ‘passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.’  Sony Pictures, Sony BMG Netherlands and Sony BMG Netherlands has been targeted and  administration  details, 75,000 music codes and 3.5 million music coupons have also been stolen.

LulzSec has only released samples of the data on their new website, saying they are underfunded. Many samples are derived from the Sony Sweepstakes databases which had codes for music and log-in data. The database for Sony BMG Music Entertainment Netherlands showed very weak passwords, often with similar usernames and passwords. Records, bar code details, sales reports and employee details were stolen from Sony BMG Music Entertainment Belgium.

LulzSec said, in a press release, that they used ‘very simple SQL injection.’ All data was plain-text meaning all details were visible without any more decryption. The group believes that Sony should be embarrassed for having an obvious vulnerabilities, adding that they did not want to be seen as ‘master hackers’

Previously, LulzSec attack Sony Japan as well as PBS, Fox and ATM details. LulzSec’s new website has experienced a DDoS attack, though the website was immediately backed up by CloudFlare which is displaying a cached copy.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s