I guess once it became clear that Sony’s web infrastructure is something less than secure, every hacker and scripter out there is looking to get a piece of the glory. The latest to fall to the black hats is Sony Pictures, which was breached by a simple SQL injection.
The group responsible for the attack, Lulz Security, summarizes the hack:
We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.
If you’re a member of the Sony Pictures website, be aware that your password, address, and any other data you’ve given over is now in the hands of anyone who wants it. More info as it develops.
As before, this post doesn’t mean we support Lulz Security’s actions; responsible hackers break security all the time and donate or sell the vulnerabilities to the affected companies, but this is just an act of data theft. That said, that so much information was being kept in such an insecure fashion is, as before, worrying.