Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

Sony Website Hacked By the “Lulz Boat”

This article is over 13 years old and may contain outdated information
image

A new hacker collective pilfered more than a million of personal passwords, emails and dates of birth.

After threatening to hack into Sony’s systems for weeks on the group’s Twitter feed, a group who alternately calls themselves LulzSec and the Lulz Boat has finally made good on project “Sownage” – that’s Sony + ownage in case you confused the term with planting crops. The Lulz Boat infiltrated SonyPictures.com today and allegedly stole over 1 million users’ personal information with a SQL injection. The group claims that much more could have been nabbed if only they had the resources (read: money) to make it happen, prompting a request for donations. All of the personal information that LulzSec were able to steal despite meager means is now posted online, along with a press release stating their intention was merely to call out Sony’s botched security measures.

“We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” LulzSec’s statement read.

The attack was not made maliciously but in order to instruct the public about Sony’s awful security practices. “Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed everything. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

Sony apparently didn’t have the wherewithal to encrypt the personal information collected on SonyPictures.com. “What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”

I’m not sure that kind of rape-logic holds up, but LulzSec does have a point. Sony is a big company, with lots of interchangable parts, but you think database security would be at the top of every divisions to-do list right about now.

Source: LulzSecurity

Thanks to ckeymel for the awesome-est tip in the world!

Recommended Videos

The Escapist is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission.Ā Learn more about our Affiliate Policy