Sony Website Hacked By the "Lulz Boat"

[Greg Tito]

Sony Website Hacked By the "Lulz Boat"

A new hacker collective pilfered more than a million of personal passwords, emails and dates of birth.

After threatening to hack into Sony's systems for weeks on the group's Twitter feed, a group who alternately calls themselves LulzSec and the Lulz Boat has finally made good on project "Sownage" - that's Sony + ownage in case you confused the term with planting crops. The Lulz Boat infiltrated SonyPictures.com today and allegedly stole over 1 million users' personal information with a SQL injection. The group claims that much more could have been nabbed if only they had the resources (read: money) to make it happen, prompting a request for donations. All of the personal information that LulzSec were able to steal despite meager means is now posted online, along with a press release stating their intention was merely to call out Sony's botched security measures.

"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," LulzSec's statement read.

The attack was not made maliciously but in order to instruct the public about Sony's awful security practices. "Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed everything. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Sony apparently didn't have the wherewithal to encrypt the personal information collected on SonyPictures.com. "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

I'm not sure that kind of rape-logic holds up, but LulzSec does have a point. Sony is a big company, with lots of interchangable parts, but you think database security would be at the top of every divisions to-do list right about now.

Source: LulzSecurity [http://lulzsecurity.com/releases/]

Thanks to [user]ckeymel[/user] for the awesome-est tip in the world!

Permalink

 

[standokan]

As if they wouldn´t have hacked if it was better secured.

(well maybe they couldn´t if it was like crazy secured but still)

 

[Kopikatsu]

Ckeymel? Pfft! I posted this hours ago. [http://www.escapistmagazine.com/forums/read/18.288638-LulzSec-steals-SonyPictures-everything-Updated?page=1]

Anyway, I have absolutely zero idea of both how to hack systems, and also how to encrypt information, so I can't really side with one group or the other on this...but I default to siding with Sony, if only because in an ideal world, we should be able to leave our doors unlocked without fear of being raped and murdered in the middle of the night. Then have the corpse kicked. Over and over and over.

Anywho, I kind of doubt LulzSec's claim that they were only doing it to show vulnerability since they posted the information publically. Sure it was needed as proof, but they compromised personal information and accounts in doing so. Wouldn't it have been better to just email Sony's CEO with the information? Not to mention LulzSec's claim of Sownage being 'The beginning of the end for Sony'

 

[Internet Kraken]

I just don't get this. How can Sony keep letting this happen to themselves? They've been attacked constantly recently. They should have increased security across the board right now. Plus these guys were constantly bragging about how they were going to hack Sony prior to actually doing it. I understand that threats on the internet aren't usually taking seriously, but if your company has been ransacked by hackers recently you'd think that would be a cause for concern.

Que a bunch of people calling the hackers pricks even though they clearly don't give a shit and know they are being assholes.

Other thought is why do these people want to be dicks. They can find all the security flaws they want as long as they report them in a nice mannor. They have no right to be a dick by embaressing a company and causing problems for the users who did nothing wrong.

Because they enjoy being assholes and want as much attention as possible. "Hackers carefully point out flaw in Sony security" isn't much of a headline compared to "Hackers steal a ton of data from Sony and post it online".

 

[dropZero]

Why does this keep happening? Is it just cool now for hackers to go after Sony and shaft innocent people by posting their personal information on the internet?

 

[Jumplion]

I don't care anymore.

I just. Don't. Care.

They want to attack the very people who they think they're fighting for, by all means, go for it. Just know that this reverse psychology only works when the psycho behind it is sane.

 

[reddfawks]

*Stands up to say something*

...

*Makes "Eff this!" motion with her hands and slumps back down in her chair*

 

[Jonny49]

Can these people display Sony's terrible security without stealing everyone's shit?

 

[Kopikatsu]

Ckeymel? Pfft! I posted this hours ago. [http://www.escapistmagazine.com/forums/read/18.288638-LulzSec-steals-SonyPictures-everything-Updated?page=1]

I've noticed you seem to be keeping quite up to date with the Sony hacks and also with Lulzsec. Due to some of your posts, I can get the basic gist of what's happening.

Just wanted to say thanks for that!

Does this mean I can call you a stalker? HELP! POLICE!

Anyway, I'm pretty much just stalking LulzSec's Twitter and copy/pasting the information here. No big secret involved.

 

[Eri]

Let's set sail for fail.

 

[TitanAtlas]

Goddamit Sony... you dun goofed up...

Spoiler: Imagine the girl is Sony

Just imagine that the girl is Sony... just do it for me while youre watching the video xD

 

[Dr. wonderful]

...I'm sick of hackers as a whole.

Read my goddamn text:

Spoiler

[HEADING=1]YOU ARE NOT FUCKING HEROES[/HEADING]

.

No one will sing of your battles, no one will think of you as heroes out to help the littleman. All they see is a group of peopple willing and able to enter their private lives and steal their information.

Which you freaking idiots did, oh Noble of Noblemen.

So thanks, you exposed over a 1,000,000 people to identity theft. I hope you freaking proud of yourselves.

 

[MurderousToaster]

Sony.

You are shit. Seriously. It's now like any bored hacker can just think "Slow afternoon. I feel like stealing everyone's personal information on a site. I don't feel like a challenge today, so I'm just going to hack Sony."

 

[Shycte]

Criminals with cause are still criminals.

 

[spasicle]

Storing user passwords in plaintext is beyond inept. Even the most basic forum software hashes passwords, Sony really is asking to be hacked. And a SQL injection? Ridiculous.

 

[mad825]

Sony should be sued.

 

[Lvl 64 Klutz]

Congrats, LulzShit or whatever. Sony is looking for a punching bag right now. You've pretty much just handed them your heads on a silver platter.

 

[9thRequiem]

If you're hacking a system "to educate", why post what you've stolen? It seems way too malicious.

Then again, encrypting passwords wen storing them is pretty much security 101. Should be stored with a one-way hash. I knew Sony had security flaws, but this is a little too much - Even small companies get this right, so I can't begin to imagine why Sony failed.