Sony's user's info gets stolen...Again

[Eri]

Sony getting its ass handed to it by hackers is becoming about as newsworthy as a netbook release, but this one is particularly brutal: Lulz Security just released a file containing over a million user logins. Home addresses included.

The Lulz crew says their gigantic dump includes:

Personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

Not stuff you want floating around on MediaFire (and not something we're going to link to, out of respect for the privacy of that million plus).

So, why'd they do it this time? FOR THE LULZ? No. To teach a lesson, they say:

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

As much as this is a shit move on their part, they have a good point. All of this extremely sensitive user data was stored in plain text, with zero encryption whatsoever. Sony is clearly beyond the palest pale of ineptitude when it comes to keeping their house in order. Their server rooms have had a screen door on them for the past month. Get it the hell together.

http://gizmodo.com/5807996/hackers-spill-over-1000000-sony-online-accounts

Why God?! Whhhhyyyyyyyyyyyyyy!? This is past sad.

 

[Limecake]

I think the last paragraph sums it up the best.

it wasn't nice that LulzSec released all this private info but a major company like Sony caught off guard by a simple SQL Injection is a joke.

maybe Sony will put some real security in place now.

 

[Fawcks]

Sony has always kinda treated their customers like garbage, honestly.

 

[cryogeist]

Makes me glad i never got a PS3
...
then again it's only a matter of time before Microsoft gets hacked...then again...i don't know how good their security is...

 

[slacker09]

Can you clarify something for me, is this information from the Playstation Network that was released or information taken from other sony related accounts?

 

[Biodeamon]

Bwhahahahahahahahaha!

good, good....

 

[wooty]

Getting bored of this now, just throw these guys an old PS3 with linux on it, or whatever sad excuse theyre using for this mess.

But as I said, no one is safe, Sony, Play, Lockheed-Martin have all been attacked.
Attacking Sony now is now is just like kicking a wounded man, pathetic.

 

[Ashendarei]

jesus, how does their CIO still have a job?

 

[Eri]

jesus, how does their CIO still have a job?

He stayed on as the companies CEO instead of CIO.

...


Dohohoho

 

[babinro]

Why do you have to hack a website and steal information in order to prove a point?

Customers don't want their information stolen to show someone a lesson. You have other means of getting a companies attention that aren't against the law and that don't inconvenience thousands of people.

On the other hand, I'm assuming a LOT by thinking these hackers have a genuine interest in improving Sony's security and have nothing personal to gain.

 

[Danpascooch]

To everyone who said this wasn't Sony's fault, and it could have happened to anyone, I have two words for you: SQL Injection, they broke in with a fucking SQL injection, that's like forgetting to lock the front door the day after someone broke in and stole everything you own.

 

[Ladette]

Sony security is a joke, but it's a shitty move by the hackers to release innocent customers personel info. Sony is hugely at fault, but the users are being punished for something they had no power over. I wish bad things upon them.

edit: Scratch bad things, I hope they all die of Super AIDS.

 

[Bags159]

There's no excuse for this. I don't care if this is Sony's fault, nothing justifies this. You can't unput your faith in Sony at this point so the whole, "why do you put faith in them" line is bullshit. Companies don't delete your personal information just because you unsubscribe, or close your account.

 

[Lono Shrugged]

I'm never getting Soul Reaver am I?

 

[Kopikatsu]

Can you clarify something for me, is this information from the Playstation Network that was released or information taken from other sony related accounts?

http://www.escapistmagazine.com/forums/read/18.288638-LulzSec-steals-SonyPictures-everything-Updated?page=1

It was Sony Pictures. PSN probably has security out the ass now.

 

[slacker09]

Can you clarify something for me, is this information from the Playstation Network that was released or information taken from other sony related accounts?

http://www.escapistmagazine.com/forums/read/18.288638-LulzSec-steals-SonyPictures-everything-Updated?page=1

It was Sony Pictures. PSN probably has security out the ass now.

Ah, thank you for clearing that up for me.