Who did SONY piss off?! First Playstation Network and now this?????
Sony is not having a good year. As the company scrambles to get the PlayStation Network and Qriocity music service back online, it’s suffering from yet another security breach. This time it’s a hacker attack on various websites associated with Sony Pictures.
A team of individuals going by the name LulzSec, who recently managed to deface PBS.org’s homepage, announced that they have broken into SonyPictures.com and compromised more than 1 million user accounts. An additional 75,000 music codes and 3.5 million coupons were also uncovered.
The attack, part of a campaign known as Sownage, was announced on Twitter and on the LulzSec website. LulzSec said that it didn’t have enough resources to copy all the data that it was able to access. But the group did manage to grab a collection of databases that contain thousands of usernames.
The accounts, presumably associated with any sort of registered activity on SonyPictures.com (or its subsidiaries or partners), contain information like passwords, email addresses, dates of birth and other Sony opt-in data. This certainly isn’t as dangerous as the information that was exposed during the PSN hack, but it could still be used to gather access to more important accounts elsewhere.
The scariest part of this attack isn’t what was taken, but how easy it was for the LulzSec members to take it. According to the groups own press release, access to the main Sony Pictures website was gained using a very basic tactic called a SQL injection. We haven’t had a chance to examine the released files to see what this injection was, but it’s likely that an out-of-date software stack and relatively unprotected web server made passing the injection trivial. - read more - via MAshable