Sony suffers fresh website hack

By Wesley Yin-Poole Published 3 June, 2011

"They were asking for it."

Sony is investigating a hack that's seen thousands of usernames and passwords posted on the internet.

Group LulzSec has claimed responsibility for the breach just days after it said on Twitter it was attacking Sony and making off with internal data.

The hackers published the names, birthdates, addresses, emails, phone numbers and passwords of thousands of people who had entered competitions promoted by Sony Pictures.

LulzSec said that a single SQL Injection flaw led them to more than one million clear text passwords, 3.5 million "music coupon" codes, and 75,000 "music codes".

None of the information it took from Sony was encrypted, the hackers claimed.

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now," the group said on its website.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

Sony Pictures this morning responded on Facebook. "We know many members of the Sony Pictures community may have questions related to recent news reports about attacks on SonyPictures.com and related Sony Pictures Entertainment websites," Sony said.

"We are looking into these claims and will let you know as soon as we have more information. Please continue to follow Sony Pictures on Facebook and Twitter for updates as they become available."

The Sony Pictures hack comes hot on the heels of the attack on PlayStation Network that saw personal details tied to 77 million accounts compromised.

Only this week did Sony turn the PlayStation Store on after over a month of outage.

Yesterday Sony Network Entertainment president Tim Schaaf defended the Japanese company's online security at a US House Energy and Commerce panel hearing, saying it suffered "quite a remarkable attack".

Picture of Wesley.

About Wesley Yin-Poole

Wesley is Eurogamer's news editor. He likes news, interviews, and more news. He also likes Street Fighter more than anyone can get him to shut up about it.

Read more articles from Wesley by visiting the Wesley Yin-Poole archive page.

You may also like...

Comments (114) Latest comment 12 months ago

Comments for this article are now closed, but please feel free to continue chatting on the forum!

  • hy4000uk #1 12 months ago

    OMG EUROGAMER Y DO U H8 SONY SO MUCH HERP DERP

  • Snaggletooth #2 12 months ago

    Cock Suckers!!!

  • coolbritannia #3 12 months ago

    actually you'll find it was a fake database. or they actually just trawled google for all this data. or *insert absurd fanboy denial here*

  • suicidal_penguins #4 12 months ago

    Fuck off hackers

  • jonharrispro #5 12 months ago

    will it never end......im starting to feel sorry for sony but feel at the end of the day its probably only average Joe like myself that will suffer.

  • StolenGlory #6 12 months ago

    Oh for fuck sake.

    Give it a rest you cunts.

  • glencooley #7 12 months ago

    First time, you prove a point. The second time, your reiterating that point. The third time you just look like wankers.

  • blarty #8 12 months ago

    Quick question.....

    How many times have you been asked to set up a password in order to enter an online competition?

  • DozyKipper #9 12 months ago

    Look at you, hackers. Pathetic creatures of meat and bone, panting and sweating as you run through my corridors.

  • Rubbish_Russ #10 12 months ago

    Why ARE they targeting Sony so much, as opposed to any other big business? And if their "objective" is not be shown as master hackers, what is the objective? Sony to fail? Punishing customers of Sony?

  • rockavitch #11 12 months ago

    Of course SOny was hacked again, it doesn't matter how good or bad your security is, with so many people attacking you someone will always get through, only reason it's Sony now is because they made some dick moves, if someone else, regardless of their security, annoy the wrong people they'll be hacked just as easily, that's how the "numbers game" works.

  • PinktotheLast #12 12 months ago

    If they carry on like this we'll be forced to invent a new collective noun for them.

    I.e. A Wankfest of Hackers

    Any ideas?

  • sfp_noodle #13 12 months ago

    Whatever their agenda, I can't wait for the wankers to be caught and thrown in jail. The FBI aren't stupid. They WILL be caught sooner rather than later.

  • MavSkipper #14 12 months ago

    Internet being ruled by the government... here we come!! They were asking for it.

  • coolbritannia #15 12 months ago

    @RubbishRuss, no, they're not claiming to be master hackers, that's why they used the ancient sql hack, to prove a point.

    “Why do you put such faith in a company that allows itself to become open to these simple attacks?” - LulzSec statement.

    I think they're being quite clever here, not targeting PSN so gaming isn't affected, but releasing this on the day PSN is restored to bury that good news under this.

  • Spong #16 12 months ago

    Hackers are twats, although I can't help but lol @ Sony.
    Edited by Spong at 03/06/11 @ 12:41

  • Goodfella #17 12 months ago

    I wonder if they will still think it's really clever when they're being violated in the prison showers.

  • coolbritannia #18 12 months ago

    "If they carry on like this we'll be forced to invent a new collective noun for them. "

    A Sony of cunts?

  • GamesConnoisseur #19 12 months ago

    GIVE IT A REST!

    Expected new security in place for all arms, subsidaries of Sony, you are being targeted, dont give them any pleasure. Man the fort and erects the wall higher.

  • Huxamalay #20 12 months ago

    The thing is, it's LulZsec has actually broken the Data Protection Act by publishing this data not Sony. Yes Sony's security seems to be subpar and I foresee them getting a big slap on the wrist for this, but LulZsec will be prosecuted and most likely imprisoned if caught

    If genuine, I wish LulZsec all the best, you’re gonna need good lawyers to get out of this mess you terminal codpieces.
    Edited by Huxamalay at 03/06/11 @ 12:47

  • Spydy #21 12 months ago

    Do the math: 1,000,000 customers entering, say an average 200 characters per person?

    That equals 200mb. And they need funding to download the data??

    I smell absolute BS.
    Edited by Spydy at 03/06/11 @ 12:47

  • Daddy-Doom-Bar #22 12 months ago

    Thank god for teenage hackers with nothing better to do. I can't believe Sony would leave all that info unsecured and open to abuse from...well....teenage hackers with nothing better to do.

  • CaptainQuint #23 12 months ago

    One thing is clear: Sony need to take a step back a while, have a rethink, come up with a new, better strategy, before coming down hard on these idiots. They need to toughen the fuck up.

    At the moment Sony are a laughing stock.

  • coolbritannia #24 12 months ago

    Expecting hackers to be scared of the DPA? Lulz(Sec)

  • goatjugsoup #25 12 months ago

    FUCK YOU lulsack
    I've had i t with hackers, maybe if we treat them like the trolls they are and ignore them they'll lose interest and go the fuck away

  • immateriaux #26 12 months ago

    They really are a bunch of complete fuckwits. This all plays right into the hands of people who want to restrict internet freedom and deny privacy on the net. And is ultimately attacking ordinary customers and lessening our choices. Absolute turds for brains these so called hackers

  • Vemsie #27 12 months ago

    First of all: what does this have to do with gaming? It's a Sony Pictures website.
    Secondly: if you hack to find flaws in security, fine. But if you publish that data you are a massive cunt.

  • Kami #28 12 months ago

    So bored. Hackers are just proving what we already know now. Sony really have no PR defense left.

    Still, an SQL Injection is really pretty primitive. LulzSec are of course being utter bellends, but then, Sony need to hire better backend developers because that's embarassing...

  • SpookyTang #29 12 months ago

    Never one to really care about big corps being hacked but enough is enough. From skimming the ps3 hacker forums it seems some of those accounts are valid and active, poor show from the hackers.

  • Whatascoop #30 12 months ago

    This just in, news story unrelated to the content/readership of a website reported as breaking news.

  • alan_stealth #31 12 months ago

    Ha ha ha. Sony PR fail.
    Pretty good description of the PS3 as a whole.

  • customfirmware #32 12 months ago

    why dont these cunts get a dick and fuck off!!!!

  • Raptaur #33 12 months ago

    It's quite amuzing to read these comments [link url=http://www.eurogamer.net/articles/2011-06-03-sony-defends-slow-psn-hack-response#comments
    ]http://www.eurogamer.net/articles/2011-0...[/link]

    Then come back to reading this story

    coolbritannia can be too much but at least they look to be right
    Edited by Raptaur at 03/06/11 @ 13:00

  • Snufkin #34 12 months ago

    @PinktotheLast - A Circle-jerk of Hackers?

  • Aradiel #35 12 months ago

    They managed that with a simple SQL injection attack? If so, the security of the site is pathetic. Though I wouldn't like my information to be out there like that, this will hopefully put the boot up someone's arse so they can learn to code properly.

  • playn #36 12 months ago

    xbox 360 ftw :)


    ps: sony had it coming, charging an extortionate price of £600 on release was a joke considering the lack of titles available, they've failed hard this console generation.

  • customfirmware #37 12 months ago

    @pinktothelast - premature species??

  • Phreez #38 12 months ago

    Twats.

  • Trent_Steel #39 12 months ago

    I can see these hackers right now. Cliffy B posters up on their wall, barely used skateboards under their messy beds,frantically scrabbling away for anything that can keep their tribe from the inevitability of a 3rd place finish.

    You will always be third.

    Look outside, it's a sunny day and the streets are crawling with beaver. Do something productive.
    Edited by Trent_Steel at 03/06/11 @ 13:03

  • dingo75 #40 12 months ago

    Why ARE they targeting Sony so much, as opposed to any other big business? And if their "objective" is not be shown as master hackers, what is the objective? Sony to fail? Punishing customers of Sony?

    First it was about GeoHotz but now it's just fashionable to hack them.
    This will continue until the nexct big company provokes hackers and makes them re-focus their target.

  • Lusterpurge #41 12 months ago

    Fool me once, shame on you.
    Fool me twice, shame on me.
    Fool me about nine times....

    welll....

  • FireMonkey #42 12 months ago

    @Huxamalay - "The thing is, it's LulZsec has actually broken the Data Protection Act by publishing this data not Sony"

    Actually Sony have broken it by not keeping the data secure.

    From the FAQ on the Data Protection Act:

    Q: Must I encrypt all the information I store on computer?

    Not necessarily. The Data Protection Act does not require you to encrypt personal data. However, it does require you to have appropriate security measures in place to guard against unauthorised use or disclosure of the personal data you hold, or its accidental loss or destruction. Encryption might be a part of your information security arrangements – for example, in respect of confidential personal data stored on laptops or portable storage devices. On the other hand, you might not need to encrypt data which always remains on your premises, provided you have sufficient other controls on who can access it and for what purpose. Even where you do encrypt personal data, you will probably need to take additional steps to comply with the Act’s information security requirements. Read more about complying with these requirements in the section about information security.

    I'm not agreeing with what the hackers have done, but at least it is showing how badly Sony are treating our private data. If banks treated our banking data this poorly would anyone be protecting them?
    Edited by FireMonkey at 03/06/11 @ 13:07

  • xizzu #43 12 months ago

    While true that in the ned its the average joe thats will suffer.

    Its pitiful that Sony servers were hacked by simply using the ultra documented (old) sql injenction.

    I do not agree with hackers, but i don feel any pity for such a huge company like sony that ahas such a pitiful security measures (YEs being hacked with the sql injection method, in these times and AFTER what happened to them in the last 2 months its pretty lame and says a lot about Sony).

    P.S. The only console that i ever owned its psp (and cant wait for the NGP)

  • apoc_reg #44 12 months ago

    Hackers burn in hell

  • kosigan #45 12 months ago

    Now if only we could come up with a group noun for hackers that's as good as "a wunch of bankers" (as on the TV series Hustle).

  • Snaggletooth #46 12 months ago

    @sfp_noodle "Whatever their agenda, I can't wait for the wankers to be caught and thrown in jail. The FBI aren't stupid. They WILL be caught sooner rather than later."

    I would love for them to be caught and thrown in jail by the FBI... but the hackers are based in China by the sound of it, so it might be very difficult to get them!

  • Augmentation #47 12 months ago

    Look, Eurogamer, this has nothing to do with video games. Yes, Sony as an umbrella term covers video games but if you're following that mantra why aren't you also reporting on every little thing Microsoft does? Yes, Sony has had "some" hacking problems lately but if Microsoft suddenly announced a massive error in their desktop OS (which they do from time to time) you wouldn't report it here. You're just fuelling the fire and rewarding the hackers by posting these stories.

    That being said, I really don't understand this group. I can guarantee you that Paramount Pictures or 20th Century Fox (or any other film production group) will have similar security to Sony Pictures'. I still doubt that SCE even had exceptionally bad security but does anybody really expect a film company to specialise in this stuff (they should, yes, but of all the businesses in the world...)? LulSec are experiencing selection bias in their hackings.

  • Bradach #48 12 months ago

    i think i read about this in BIG WHOOP magazine

  • Kremlik Verified Co-Founder, Crash To Desktop #49 12 months ago

    I'm trying to weigh up the difference, either The Sun displaying 'scandal pics' of a celeb to get people to buy the paper or Eurogamer giving hackers a platform to 'express' themselves for hits.

    No they are about the same

    EG you might as well come out and admit you are loving this as it's just the amount of anti-Sony shock tabloid news you wanted for mass hits, I'm sorry but there is MUCH better news to cover like hm... GAMES? You know Darksiders 2 has a 'leaked' video intro and DEATH being playable in that?

    Oh sorry that doesn't count, you just report scandals.

  • Goodfella #50 12 months ago

    ps: sony had it coming, charging an extortionate price of £600 on release

    The amount of times I've seen that price quoted is hilarious. It cost £425 at launch, add the price of an HDMI cable if necessary

    Dick head.

  • kosigan #51 12 months ago

    @Augmentation: "LulSec are experiencing selection bias in their hackings."

    Hardly surprising - bullies, being cowards, always go for the easy targets.

  • DefendoCroc #52 12 months ago

    I know ... why dont we criticise the hackers for exposing Sony's total and utter lack of security , at least these guys come out and tell you they did it rather than just nicking the data and selling it on etc. You Sony defenders are have the most misguided sense of loyalty i have ever seen from a consumer base, theres no wonder your all sonys bitches.

  • mss99 #53 12 months ago

    Exactly how is the this gaming news? I don't see the link.

  • richarddavies #54 12 months ago

    These twatty hackers keep trying to justify there actions and acting like it's just Sony in the wrong but they really need to wake up and realise how cunty there being. Not to mention how illegal it is.

  • jonbwfc #55 12 months ago

    " they were asking for it."
    I can think of various other groups of people that use the same justification. You're not doing yourself any favours being lumped in with any of them, I assure you.

  • Toothball #56 12 months ago

    It's Little Bobby Tables all over again.

    Also with a name like LulzSec, is anyone really taking them seriously?

  • mumblyjoe #57 12 months ago

    Pretty sure this happened last week

  • fizzyfish #58 12 months ago

    Well done, hackers. Now fraudsters can abuse everyone's personal details without even having to go to the trouble of hacking a website to get them.

    Couldn't you have made the same point by sending the data you obtained back to Sony, instead of posting it on the internet? And if "they were asking for it", then why do something from which their customers will suffer more than Sony themselves?

  • rudedudejude #59 12 months ago

    Sony continue to suuuck

  • jefranklin18 #60 12 months ago

    Eurogamer in blatant attempt to up page hits again? The "news" section of this site is really pathetic.

  • tiny_Eggy #61 12 months ago

    Gaming related? Of will Eurogamer be posting every hack of every website from every company from now on? Or just Sony?

  • el_pollo_diablo #62 12 months ago

    Surely they 'prove a point' by doing it and emailing it to Sony (or a newspaper). By publishing it they're doing something else entirely.

  • Dizzy #63 12 months ago

    SDF to the rescue!

  • Goodfella #64 12 months ago

    @jefranklin, tiny eggy

    Indeed, why don't they publish shit like this [link url=http://www.dailymail.co.uk/news/article-1393603/Colin-Blanchard-bleats-allowed-XBox-360-prison-cell.html?ito=feeds-newsxml
    ]http://www.dailymail.co.uk/news/article-...[/link]

    Cause that's about as relevant to the PS3 as this hacking article is.
    Edited by Goodfella at 03/06/11 @ 13:37

  • Dj_ade_76 #65 12 months ago

    If hackers did not exist, then there would be no need for elaborate security systems. Hackers as much as they piss many Fanboys off, provide a service which Sony's website and database providers don't. Security system testing. And the Data Protection thing, it's very 50/50, sony providers provided security, the hackers used a primitive method to break the security, but had the security been tighter, and encryption used, and hacker groups used more advanced hacking, it would make little difference, security was provided, and broken by keen hackers.

  • Stompy #66 12 months ago

    Post deleted at 23:13:35 17-04-2012

  • Goodfella #67 12 months ago

    @Dj_ade_76

    So you're saying it's like the arms race then?

  • RobotRocker #68 12 months ago

    Oh sorry that doesn't count, you just report scandals.

    Guess who just figured out the value of news.

    Scandals and tabloidish stories get hits. Especially from skittish nerd fanboys who must defend corporations. So I don't blame EG from indulging in stories that pay their bills (Even if the quality of reporting is sloppy at times).

    Sony can't fix their interwebs while also trying to 'fix' national talent competitions. Amazing.

  • Zozzilla #69 12 months ago

    "Claimed".

    That is all.

  • coolbritannia #70 12 months ago

    "It's quite amuzing to read these comments http://www.eurogamer.net/articles/2011-0...

    Then come back to reading this story

    coolbritannia can be too much but at least they look to be right" - oh they'll bury you for that reptaur!

    Hey Goodfella's here, SDF are GO!
    Edited by coolbritannia at 03/06/11 @ 13:54

  • Metalmikey666 #71 12 months ago

    This is totally inexcusable - sql injections and password hashing is web security 101. I need a way to get my details away from this company if that's how careless they're going to be!

  • Goodfella #72 12 months ago

    I'd hate to disappoint you, coolbritannia.

  • Jay-ITFC #73 12 months ago

    @Hackers

    I understand you want me to hate Sony for not protecting my data sufficiently. Problem is I end up hating you cunts even more for posting my personal details all over the internet.

  • Dj_ade_76 #74 12 months ago

    @goodfella, not so much an arms race, more like, bank updates safe, safecrackers up their game to access new updated safe. Or maybe the safe security is so fancy that they forgot that people still use paperclips.

  • phonic360 #75 12 months ago

    There must be a reason why Sony are being hacked a lot lately. Obviously someone knows something we don't know..?

  • menage #76 12 months ago

    "From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

    Why don't you go fuck yourself.



  • Seoh #77 12 months ago

    Ok so the hackers are doing this for our benefit right? exposing our details?

    If this was done purely for wholesome reasons they wouldn't post all the details, just maybe put a note up on the site or delete it all from the sony site.

  • drhickman1983 #78 12 months ago

    "Well done, hackers. Now fraudsters can abuse everyone's personal details without even having to go to the trouble of hacking a website to get them.

    Couldn't you have made the same point by sending the data you obtained back to Sony, instead of posting it on the internet? And if "they were asking for it", then why do something from which their customers will suffer more than Sony themselves?"

    That nicely sums up my feelings on this. LulzSec and their supporters have constructed some self-righteous facade, showing how terrible the nasty sony company is, yet ultimately they come across as attention seeking penes out to irritate and annoy as many people as they can.

  • coolbritannia #79 12 months ago

    are people seriously wondering why they are being targeted by hackers? are you blind? long and short term memory loss?

  • coolbritannia #80 12 months ago

    "That nicely sums up my feelings on this. LulzSec and their supporters have constructed some self-righteous facade, showing how terrible the nasty sony company is, yet ultimately they come across as attention seeking penes out to irritate and annoy as many people as they can."

    Actually they openly state their mission is to annoy...

  • Kremlik Verified Co-Founder, Crash To Desktop #81 12 months ago

    @Robotrocker - there is a massive difference between posting scandal and posting good quality related content, it's called good journalism.

    BOTH easily can 'pay the bills' but the latter will net you a whole lot more respect, the former is just quick and lazy, if EG wants to go sown the 'quick and easy' path which they have been doing for the past year with the old 'copy and paste' job with reports then fair to them but in terms of respect it's not doing them any favors, don't get me wrong EG isn't the only 'big name' to do this, but it proves a point when certain video bloggers get over a quarter of a million hits a day for their 15 min videos and the 'big names' have to bottom feed for a smattering of hits.

  • drhickman1983 #82 12 months ago

    "Actually they openly state their mission is to annoy..."

    Maybe it's more their retarded supporters who are trying to justify it by pointing fingers at sony then.

  • RobotRocker #83 12 months ago

    there is a massive difference between posting scandal and posting good quality related content, it's called good journalism.

    If good games journalism sold, there would be a website exploiting that market. EG certainly produces good content and articles, but the bread and butter is breaking news reporting, scandal and churnalism. It's endemic to the games industry and such a tightly controled media. I certainly used to rail about it but since studying it a fair bit, I have just accepted market reality. The days of Amiga Power stirring the pot because eventually companies would come crawling back to them are dead.

    For example I can see why Jim "Human Garbage" Sterling gets such a huge amount of hits. It's Fox News-esque polemics and trolling. Not that I like the fact that the fat, misogynist, complete human scum is getting ratings. But it works and I can't blame Destructoid or The Escapist for wanting to make money in a capitalist world even if its dragging back 'gamer culture' and its image back to the pre-2000 era (Pre-1996 I would argue)

  • frazzl #84 12 months ago

    I hope the SDF realize that other gaming sites are reporting this too. It's not some Eurogamer conspiracy for fucks sake.

  • frazzl #85 12 months ago

    I hope the SDF realize that other gaming sites are reporting this too. It's not some Eurogamer conspiracy for fucks sake.

  • FireMonkey #86 12 months ago

    @Jay-ITFC - "@Hackers
    I understand you want me to hate Sony for not protecting my data sufficiently. Problem is I end up hating you cunts even more for posting my personal details all over the internet."

    I read that and it got me thinking. If Sony's security was that poor, then who is to say another hacker has not already got access to the data and been using it fraudulently and just not published the fact? Surely a hacker who wants to use the data would do a much better job of it by NOT telling the press?

    At least we know now and can take action.

    Hopefully all companies that collect data are paying attention and are all improving their own security and people are becoming more careful about how and who they share there data with. I know it's a bitch that it has happened, but it can only improve things in the long run.

  • coolbritannia #87 12 months ago

    Goalpost shift #3.

    to recap:

    #1 - it's a fake database the hackers got punk''d by Sony lolz
    #2 - LulzSec haven't hacked anything this is all info they google'd
    #3 - OMG this is Sony pictures, in no way related to Sony Computer Entertainment.

    If only a word could crop up in Sony Pictures and Sony Computer Entertainment that links them together?

    P.S Goodfella outed as Daily Mail reader, says it all really.

  • blarty #88 12 months ago

    Not having seen the data, but understanding that this was all about online competitions.... I wonder if these plaintext passwords were in fact, the answers to questions in said competitions..... just a thought.

  • FireMonkey #89 12 months ago

    @Coolbritania - "#1 - it's a fake database the hackers got punk''d by Sony lolz"

    Is that true? I haven't seen Sony saying anything about this yet have you got any links?

  • Bluetooth #90 12 months ago

    OK, you can stop it now Microsoft.

  • Nithron #91 12 months ago

    That security really was terrible. They did not need to publish this stuff though. Naturally, Sony's response to being told their security is bad would definitely have been "Give us your real name and address so we can sue you".

    However, they only need to extract one bit of info from it. Or have a load of it but censor it to make it useless to third parties.

    Basically, what they did could have been justifiable, but that execution was pretty thoughtless, and childish. I doubt somehow that their motivations were actually good at all anyway, of course...

  • coolbritannia #92 12 months ago

    "@Coolbritania - "#1 - it's a fake database the hackers got punk''d by Sony lolz"

    Is that true? I haven't seen Sony saying anything about this yet have you got any links?"

    Sorry, I should have made it clear, those are fanboy goalposts, not Sony's. A guy on the forum claimed #1 within minutes of this story breaking last night.

  • kinth #93 12 months ago

    while you might all be mad at them, they do have a point.

    why are people trusting a comapnay with such sensitive information when they cant be assed to use the mos tbasic methods of protection on it.

    you can say hackers are dicks all you want, but in the end sony should have more protection on this information than they do.

    and there not going to change it till someone shows them.
    codemasters got hacked recently that didnt turn into a scandal because they had the brains to encrypt sensitive data.

    seems sony dont learn their lesson, hackers will keep doing it till they do.

  • archangel1009 #94 12 months ago

    I really don't understand why Eurogamer has come under fire by Sony fanboys lol, this got reported on all major news sites (BBC,Reuters,etc).

    It's not about Sony not being at fault ffs it's about the fact it happened once, twice, three times...oh gawd...and again...shows them to be unable to keep information secure as a company, like many have pointed out it happens to many other companies but end of the day this is a big enough example to make everyone realize how unsecure your private details are.

  • kinth #95 12 months ago

    @rubbish_russ

    there targeting sony because every other big company has the sense to use basic protection on their data.

    other companys get targeted everyday but nothing big is made of it because 90% of the time the data is encrypted.

  • Machiavellian #96 12 months ago

    The objective no matter if you love or hate the hackers is for you to lose confidence in Sony as a company. The hackers are not looking for your love and I am sure they do not care what you think of them. The fact is that when you think about giving Sony your personal information, you will hesitate or not do it because Sony will be on constant attack. When you think about it, it's a well laid out plan that will definitely affect Sony as a business.

    I really feel this is just the tip of the iceberg. Sony being such a big Company can be attacked in so many ways that trying to plug all their very obvious holes will cost them a small fortune.

  • telboy007 #97 12 months ago

    "If only a word could crop up in Sony Pictures and Sony Computer Entertainment that links them together?"

    Just too funny.

  • blarty #98 12 months ago

    '.... targeting sony because every other big company has the sense to use basic protection on their data.'

    They're targeting Sony because they're the current flavour of the month, and people are so ready to believe their claims, they can spout as much BS as they wanted, and people would still lay all (note I said 'all') the blame at Sony's feet.

    Currently, we don't have any idea what the data is, remember all the 'oh noes, Sony stored my PSN password as plaintext' moans on here and across the internet.... well they didn't... they used the basic protection of hashed passwords.

    Facts are as yet thin on the ground, and I'm about as trusting of an organisation that calls itself 'LulzSec' as I am of the authenticity of an email originating from Nigeria suggesting that I could make a quick bit of cash by allowing someone who has difficulties with the regime, access to my account to transfer 650m US Dollars.

    I'm not standing up for Sony here, or indeed shooting them down, but if all the hackers want is to give Sony some bad press and spread some FUD to tarnish their already battered reputation..... well, sorry, but you're doing the work for them.

  • eltonpr0n #99 12 months ago

    The continued incompetence of Sony knows no bounds. You would have thought after the psn fiasco that the whole of Sony would react.

  • arcam #100 12 months ago

    @blarty

    As the first line of the story says, the data has been released. You don't have to take anyone's word for it, you could see for yourself if you cared to look hard enough.

  • bluetoothion #101 12 months ago

    Siding with thieves due to mere fanboyism is pretty pathetic

    i fail to see the righteous and noble motivation from a THIEF claiming that the door was not locked properly thus somehow results in a self acquired right to get in and steal... (such a dangerous path.)

    Its weird yet sadly unsuprising to see people targetting the lack of security first instead of the thieves themselves.

    I m sorry there is a need to point out that no one should be hacking/attempting to retrieve/exploiting even for a prank anyone elses personal details without prior consent no matter HOW and WHERE data is stored.
    Its like being pickpocketed and been called up, for not shoving your wallet up your arse.

    and while i d like to have a trustworthy mechanism for my data i can not really turn against sony before turning against the thief whose action intent and result are FOOKING I L L E G A L and as far as we know.... hackers got more and more in frenzy the more sony tried to secure the system. and now target anything same branded, i can not comprehent how is this remotelly acceptable.

    its also sad to see that on to top to EG projecting hackers and giving them room to brag and have some form of fame come those silly fanboys that make hackers think they also have groupies... way to go peeps.


  • coolbritannia #102 12 months ago

    "Currently, we don't have any idea what the data is" - download the torrent then, I know what the data is.

  • arcam #103 12 months ago

    I m sorry there is a need to point out that no one should be hacking/attempting to retrieve/exploiting even for a prank anyone elses personal details without prior consent no matter HOW and WHERE data is stored.

    Are you being ironic, or are you unaware Sony attempted to retrieve thousands of people's personal details without their consent also? You could say this is where the serious shit started.

    However I agree that it's absolutely not OK to release usernames and passwords onto the internet, even if they are just passwords for a random Sony site. People (stupidly) use the same password everywhere, and your primary email being compromised is not good.

  • man.the.king #104 12 months ago

    I see coolbritannia has resumed masturbating at the prospect of further possible damage to Sony while hugging his 360 Slim (that came with Kinect).
    Edited by man.the.king at 04/06/11 @ 08:39

  • man.the.king #105 12 months ago

    If just the name "Sony" is enough to warrant reporting a Sony Pictures website hack (even though it has nothing to do with gaming), then shouldn't the stealing of SSL certificates from Microsoft via hacking also have been reported?

    1) Breach of Google, Yahoo, Microsoft
    2) Microsoft patches Windows Phone

    No? "Microsoft" gets a free pass then? Non-gaming hack news just for Sony then EG?
    Edited by man.the.king at 04/06/11 @ 07:48

  • FireMonkey #106 12 months ago

    @parsnip - "This is bollocks.they haven't done shit. Just sad lonely bastards trying to get some attention. I could make a list of personal details and say 'i nicked 'em off Sonys website'

    Until Sony say otherwise I reckon this is just a load of crap."

    Sony have confirmed they were hacked. They don't say much else but they were hacked:
    [link url=http://www.huffingtonpost.com/2011/06/04/sony-pictures-confirms-lulzsec-hack_n_871303.html
    ]http://www.huffingtonpost.com/2011/06/04...[/link]
    Edited by FireMonkey at 04/06/11 @ 22:33

  • bioreit #107 12 months ago

    @man.the.king

    "No? "Microsoft" gets a free pass then? Non-gaming hack news just for Sony then EG?"

    Or maybe it could be because Sony is currently experiencing sustained attacks across several fronts, not least of which were at least two separate assaults on its gaming services - the PSN hack and the one on SoE - and that the various groups currently targetting Sony may not be done with the gaming side of their business just yet? Particularly as every Sony site targetted by these disparate groups and individuals seem to be as poorly protected as the next, in spite of the vast amounts of warning they've had that this will continue.

    I mean, you have to admit that this is at least peripherally linked to gaming - I don't imagine for one second that if the Sony Pictures hack was a completely isolated incident and the other hacks (particularly the PSN one) had never occurred that Eurogamer would be reporting on this one. So maybe the reason why the SSL breach of Microsoft went unreported was down to the fact that they weren't also experiencing a massive attack on their gaming systems during the same period, rather than your (not so) implict accusations that Eurogamer has an anti-Sony agenda?

    Just a thought.
    Edited by bioreit at 05/06/11 @ 12:37

  • man.the.king #108 12 months ago

    @bioreit

    There is a possibility, NOT a certainty (as you are claiming) that this may have something to do with gaming, but for any new Sony websites hacks, I think this has less to do with that and more to do with the fact that there are a lot of /.-esque talented geeks who hate Sony, either for reasons of their own experience or just because they need something to deride and are jumping on the anti-Sony bandwagon. And then there are those who are just seeing Sony as a lucrative or tempting target right now - i.e. "kick somebody while they are down" mentality being one possible reason. A possibility is not enough of a reason to resort to selective reporting.

    And as for the poor protection, I'm thinking Sony's security is no better or worse than the majority of the rest of online portals.

    "rather than your (not so) implict accusations that Eurogamer has an anti-Sony agenda"

    Not EG - Purchese and Yin-Poole.

    And if you want to check, look at other major GAMING websites - e.g. IGN, Gamespot - they have NOT reported this hack (as of Saturday) on their gaming portals as the hack is not PlayStation-related.
    Edited by man.the.king at 06/06/11 @ 17:09

  • bioreit #109 12 months ago

    @man.the.king

    "There is a possibility, NOT a certainty (as you are claiming) that this may have something to do with gaming, but for any new Sony websites hacks, I think this has less to do with that and more to do with the fact that there are a lot of /.-esque talented geeks who hate Sony"

    I don't think I made myself as clear as I meant to, for which I apologise. I was referring to Eurogamer's continued coverage of hacks on Sony websites, even those that are not actually gaming related - seeing as Eurogamer is a gaming news website. I was stating that it was possibly a tad unrealistic to expect news of hacks on non-gaming Sony websites to go unreported during the same period that Sony had suffered hacks on its gaming websites as - for whatever reason - they do appear to be linked, at least through mere chronology. Added to that, there is very little reason to believe that the various hacker groups are going to get bored with Sony any time soon, so future Sony gaming-site hacks are quite probable.

    Meaning that the reporting of Sony non-gaming website hacks are, at least peripherally, relevant for Eurogamer to report on. But that's just my take, which I was offering as a counterpoint to your assertive question that "If just the name "Sony" is enough to warrant reporting a Sony Pictures website hack (even though it has nothing to do with gaming), then shouldn't the stealing of SSL certificates from Microsoft via hacking also have been reported?"

    "And as for the poor protection, I'm thinking Sony's security is no better or worse than the majority of the rest of online portals."

    Again, sorry - I don't think I made myself as clear here as I meant to. I was referring not necessarily to the actual security measures protecting Sony's data, but the fact that the very data itself seemed to have either zero or very basic safeguards. They seemed to be operating on the basis of "We'll never lose that data", which is a very bad position for data security to start from. Particularly as it is claimed they fell prey to a simple SQL injection.

    "Not EG - Purchese and Yin-Poole."

    All I can point to is that you made specific mention of Eurogamer. If you had mentioned Purchese and Yin-Poole, I wouldn't have pointed that out. But you did. So I did.

    "And if you want to check, look at other major GAMING websites - e.g. IGN, Gamespot - they have NOT reported this hack (as of Saturday) on their gaming portals as the hack is not PlayStation-related."

    Stories:

    Gamespot Story Posted Friday 3rd June

    and

    http://uk.gear.ign.com/articles/117/1172... - IGN Story Posted Thursday 2nd June.

    Seeing as I tend not to read either of those sites, I had to go searching. It took me less than aminute to find articles from both sites, using the search query "sony pictures".

    Your use of capital letters in the quote above could be for emphasis, but I get the feeling that you're getting a little bit annoyed. Might I suggest that in future you divert some of that energy to performing even a rudimentary investigation before making such definite and vehement assertions?
    Edited by bioreit at 06/06/11 @ 20:21

  • man.the.king #110 12 months ago

    @bioreit

    "Meaning that the reporting of Sony non-gaming website hacks are, at least peripherally, relevant for Eurogamer to report on. But that's just my take, which I was offering as a counterpoint to your assertive question that "If just the name "Sony" is enough to warrant reporting a Sony Pictures website hack (even though it has nothing to do with gaming), then shouldn't the stealing of SSL certificates from Microsoft via hacking also have been reported?" "

    Which, in itself, was a response to coolbritannia's claim that the common name "Sony" in SCE and SP was reason enough - it's a comment earlier in this thread.

    But I admit that the chronology of events may lend a certain rationale (albeit misguided imo) to reporting this hack here. But in the interests of fairness, I still maintain that any and all hacks related to the parent companies (MS, Sony, Nintendo, Apple) should be reported from now on. And I'm willing to go out on a limb and say that if something similar (similar events - XBL hack, MS general hack) were to happen with MS, the pro-MS elements of EG would not report this. I say this based upon my experience being a reader of EG since 2006 (or 7).

    "Particularly as it is claimed they fell prey to a simple SQL injection. "

    Isn't SQL Injection what LulzSec claims? Do we have any independent verification of that? Or are we accepting everything LS claims now as to be the absolute truth?

    "All I can point to is that you made specific mention of Eurogamer. If you had mentioned Purchese and Yin-Poole, I wouldn't have pointed that out. But you did. So I did."

    Quite true - I should have been more specific. I'll try to correct that in the future.

    "I suggest you look harder then:
    Gamespot Story Posted Friday 3rd June"

    I did - I'm in the US - I checked IGN and Gamespot, not the UK versions. As of Saturday, I did not see any stories related to this on these websites. I also Googled, applied News filter, but didn't see any Game websites reporting this - just general News sites. Nor did I see this on any of the game sites I usually frequent. So, understandable mistake imo.

  • bioreit #111 12 months ago

    @man.the.king

    "Which, in itself, was a response to coolbritannia's claim that the common name "Sony" in SCE and SP was reason enough - it's a comment earlier in this thread."

    I see. Sorry - due to lack of quotes plus distance between yours and coolbritannia's comments I didn't link them together, particularly with the EG comment.

    "I say this based upon my experience being a reader of EG since 2006 (or 7)"

    Not to say that individuals won't have any bias at all - they're human for crying out loud - I've been a reader since 2002 and I well remember all of the massively pro-Sony, anti-Microsoft bias claims centred around the PS2 and original Xbox. It's swings and roundabouts, I'm afraid and although some of it is down to which writers they happen to employ at that certain point in time, a lot of it is just that news will always snowball in one particular direction for months or even years at a time and people perceive that as bias. Not saying that there isn't any - but it's just funny to those of us who remember the previous attacks on Eurogamer and its staffers.

    "Isn't SQL Injection what LulzSec claims? Do we have any independent verification of that? Or are we accepting everything LS claims now as to be the absolute truth? "

    I did say "claimed". I was very, very specific to make sure I put "claimed" in there, to illustrate that I wasn't asserting it as indisputable fact. Because until Sony reveals anything we can't know for sure - and I doubt they'd reveal that much information.

    "I also Googled, applied News filter........Nor did I see this on any of the game sites I usually frequent. So, understandable mistake imo. "

    Fair enough. One friendly suggestion - Google is nowhere near as omniscient as many people seem to think it is. The prevailing opinion can sometimes be almost an inversion of Rule 34 - "If it's not on Google, it doesn't exist".

    That's why I use built-in search engines quite a bit.

    Oooh - friendly tip number Two. If you are Googling for something from a specific site, add "site:eurogamer.net" (minus the quotes and using whatever URL you want) to only see results from that site in Google. For those instances when built-in search engines are useless.

  • man.the.king #112 12 months ago

    @bioreit

    "Not to say that individuals won't have any bias at all - they're human for crying out loud - I've been a reader since 2002 and I well remember all of the massively pro-Sony, anti-Microsoft bias claims centred around the PS2 and original Xbox. It's swings and roundabouts, I'm afraid and although some of it is down to which writers they happen to employ at that certain point in time, a lot of it is just that news will always snowball in one particular direction for months or even years at a time and people perceive that as bias. Not saying that there isn't any - but it's just funny to those of us who remember the previous attacks on Eurogamer and its staffers."

    Bias can be perceived as well as real. And as you say it can be also down to which writers present what information. However, what I'm referring to is the following practices:
    1) Inserting snide and snarky comments for a particular platform repeatedly
    2) Ignoring certain facts while selectively presenting only others
    3) Applying emphasis and de-emphasis at will based upon how it affects a certain platform
    There are others as well (afair) but this is what I came up with off the top of my head. These are some points I've observed repeatedly ever since I've started on EG. And the bias may be personal (for some writers) or editorial - as far as I've seen, EG is certainly guilty of checking which way the wind is blowing and then pandering to those sentiments. One of the main reasons I keep returning to the site is the (witty) quality of the comments. Even some of the trolls here are more articulate and smarter than reasonable posters on other gaming sites :)

    "I did say "claimed". I was very, very specific to make sure I put "claimed" in there, to illustrate that I wasn't asserting it as indisputable fact."

    I know you did, but your placement of it in the middle of the sentence kind of tended to de-emphasize that fact and give more weightage to "they fell prey to a simple SQL injection." If that was not your intention, apologies.

    "Fair enough. One friendly suggestion - Google is nowhere near as omniscient as many people seem to think it is. The prevailing opinion can sometimes be almost an inversion of Rule 34 - "If it's not on Google, it doesn't exist"."

    Agreed - and I do use built-in SEs too. However, I've seen that many times the built-in search engine results can be very imprecise, oftentimes requiring specific and/or precise input to get anywhere near valid results.

    "Oooh - friendly tip number Two. If you are Googling for something from a specific site, add "site:eurogamer.net""

    Already aware of that, but thanks all the same :)
    Edited by man.the.king at 06/06/11 @ 22:06

  • bioreit #113 12 months ago

    @man.the.king

    Coolio. Looks like we've exhausted this conversation topic then (as the only responses I can currently think of would seen to be repetition and therefore not worth it)!

    I'm pleased this hasn't degenerated into the semi-typical bout of insults, even when I did tell you something you already knew or I thought you were shouting :-)

  • man.the.king #114 12 months ago

    @bioreit

    "I'm pleased this hasn't degenerated into the semi-typical bout of insults, even when I did tell you something you already knew or I thought you were shouting :-) "

    If you were referring to the occasional use of caps, I wasn't shouting dude - just too lazy to use the HTML tags for bold formatting :)

    But yeah, I'm happy too - that this stayed a debate and did not devolve into an argument, as is wont to happen when the Internet is the medium :)