Hackers claim new Sony cyberattack

Jun 03, 2011 by Chris Lefkow
Hackers claimed to have stolen more than one million passwords, email addresses and other info from SonyPictures.com
Hackers have claimed to have compromised more than one million passwords, email addresses and other information from SonyPictures.com in the latest cyberattack on the Japanese electronics giant.

Hackers have claimed to have compromised more than one million passwords, email addresses and other information from SonyPictures.com in the latest cyberattack on the Japanese electronics giant.

The claim was made by a group of hackers calling themselves "Lulz Security," who published a number of files online containing lists of thousands of stolen email addresses and passwords.

"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," Lulz Security said.

"Due to a lack of resources on our part we were unable to fully copy all of this information," the group said. "In theory we could have taken every last bit of information, but it would have taken several more weeks."

To "prove its authenticity," the group posted lists of thousands of stolen Gmail, Hotmail, AOL, Yahoo and other email addresses and passwords on Pastebin where they were publicly accessible.

Sony, whose online services have been targeted by a series of cyberattacks over the past few weeks, said it was investigating the latest alleged breach.

"We are looking into these claims," Sony Pictures Entertainment executive vice president Jim Kennedy said in a statement to AFP.

SonyPictures.com features movie trailers and information about films and television shows and also allows users who sign up to receive email updates.

Lulz Security, the group which claimed the attack on SonyPictures.com, said the data theft exploited one of the most "primitive and common vulnerabilities."

"Why do you put such faith in a company that allows itself to become open to these simple attacks?" Lulz Security said.

"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it," the group said. "This is disgraceful and insecure: they were asking for it."

A loose-knit "hacktivist" group known as Anonymous began staging attacks on Sony's online services in April in retribution for its legal action against hackers who cracked PlayStation 3 defenses to change console operating software.

Anonymous acknowledged carrying out distributed denial of service (DDoS) attacks but denied involvement in any data theft or the latest attack by the group calling itself Lulz Security.

In a typical DDoS attack, a large number of computers are commanded to simultaneously visit a website, overwhelming its servers, slowing service or knocking it offline completely.

Sony's PlayStation Network, its Qriocity music streaming service and Sony Online Entertainment were among the services targeted by hackers.

The company later suffered attacks on websites in Greece, Thailand and Indonesia and on the Canadian site of mobile phone company Sony Ericsson.

According to Sony, 77 million PlayStation and Qriocity accounts have been affected along with 25 million Sony Online Entertainment accounts, bringing the total to more than 100 million and making it in one of the largest data breaches ever.

Sony said Thursday that it has restored PlayStation Network services everywhere except Japan, Hong Kong and South Korea and partially resumed Qriocity.

has estimated that the cyber attacks could cost it 14 billion yen ($172 million), not counting compensation claims.

Explore further: Britain's UKIP issues online rules after gaffes

add to favorites email to friend print save as pdf

Related Stories

Hackers claim stealing SonyPictures.com passwords

Jun 02, 2011

Hackers claimed on Thursday to have stolen more than one million passwords, email addresses and other information from SonyPictures.com in the latest cyberattack on the Japanese electronics giant.

More Sony websites hacked, 8,500 Greek accounts hit

May 24, 2011

Sony on Tuesday said its websites in three countries had been hacked with 8,500 Greek user accounts compromised, in a blow to efforts to restore confidence after a huge data breach affecting millions.

Anonymous denies involvement in Sony data theft

May 05, 2011

Internet vigilante group Anonymous denied involvement on Thursday in the theft of personal information from over 100 million Sony PlayStation and Online Entertainment network accounts.

Sony to restore most PlayStation services this week

May 31, 2011

Sony said Tuesday it plans to restore by this weekend PlayStation Network services worldwide except in Japan, Hong Kong and South Korea, after being targeted in a massive online attack in April.

Recommended for you

Britain's UKIP issues online rules after gaffes

19 hours ago

UK Independence Party (UKIP), the British anti-European Union party, has ordered a crackdown on the use of social media by supporters and members following a series of controversies.

Sony saga blends foreign intrigue, star wattage

19 hours ago

The hackers who hit Sony Pictures Entertainment days before Thanksgiving crippled the network, stole gigabytes of data and spilled into public view unreleased films and reams of private and sometimes embarrassing ...

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

User comments : 6

Adjust slider to filter visible comments by rank

Display comments: newest first

sherriffwoody
not rated yet Jun 03, 2011
Were they hackers or crackers. Hackers are not generally involved in this type of activity, I expect the daily media outlets to define the attacks as being done by hackers, instead of correctly identifying them as crackers, but i hope that that a science website would get it right. If the website is correct and the attacks are being done by hackers and not crackers can someone explain this to me. And if they are crackers, shouldn't it be defined correctly in the article. And if it was/is hackers, are they not now crackers??
J-n
5 / 5 (3) Jun 03, 2011
How to start?

First,
data theft exploited one of the most "primitive and common vulnerabilities."


Sounds a lot like Sony still has not done ANYTHING to protect it's users' data. Personally i feel that Sony should be held responsible for this breech. $10k per user who was comprimised should force them (and other companies) to take security seriously. If they had taken security seriously, the only attack that would have happened would have been the DDoS.

What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext


WOW! that's practically ASKING for the data to be stolen. One would think that a multi-national corporation would have cared even a LITTLE about their customers, and went the extra step to AT LEAST encrypt the data a little no?

J-n
5 / 5 (3) Jun 03, 2011
...in retribution for its legal action against hackers who cracked PlayStation 3 defenses to change console operating software.


Cracked the defenses? The system was DESIGNED to allow for multiple operating systems. It was orignially advertised as a FEATURE and a reason that many purchased this system over the competition.

I think it would be a bit more honest to state that the Group Anonymous attacked sony because Sony decided to disallow a feature of their product, then because people were still using this feature, decided to sue their customers.

Double thumbs up for Anonymous (IMO) Thank you for sticking up for the little guys!
FrankHerbert
0.7 / 5 (48) Jun 03, 2011
Multinational corporations beware!
krundoloss
not rated yet Jun 03, 2011
Yeah, as everyone knows, in the internet world, you cannot give people something then try to take it away. Its not gonna happen. Just like Napster. Go ahead, shut it down. There will be 3 more in its place within a day. I laugh whenever a P2P file sharing program is shut down, because I can literally take my pick of something else that works just as well. You cant stop it! Sony is learning that the hard way. The PS3 WILL GET HACKED. If you tell someone not to do it, that just makes it more exciting for them, hiding in thier basement with THIER HARDWARE THAT THEY PURCHASED THAT THEY CAN DO WHATEVER THEY WANT WITH.
MarkyMark
not rated yet Jun 04, 2011
Ps3 is sh#t anyway get an Xbox or a wii!

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.