If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Sony suffers fresh website hack

"They were asking for it."

Sony is investigating a hack that's seen thousands of usernames and passwords posted on the internet.

Group LulzSec has claimed responsibility for the breach just days after it said on Twitter it was attacking Sony and making off with internal data.

The hackers published the names, birthdates, addresses, emails, phone numbers and passwords of thousands of people who had entered competitions promoted by Sony Pictures.

LulzSec said that a single SQL Injection flaw led them to more than one million clear text passwords, 3.5 million "music coupon" codes, and 75,000 "music codes".

None of the information it took from Sony was encrypted, the hackers claimed.

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now," the group said on its website.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

Sony Pictures this morning responded on Facebook. "We know many members of the Sony Pictures community may have questions related to recent news reports about attacks on SonyPictures.com and related Sony Pictures Entertainment websites," Sony said.

"We are looking into these claims and will let you know as soon as we have more information. Please continue to follow Sony Pictures on Facebook and Twitter for updates as they become available."

The Sony Pictures hack comes hot on the heels of the attack on PlayStation Network that saw personal details tied to 77 million accounts compromised.

Only this week did Sony turn the PlayStation Store on after over a month of outage.

Yesterday Sony Network Entertainment president Tim Schaaf defended the Japanese company's online security at a US House Energy and Commerce panel hearing, saying it suffered "quite a remarkable attack".

Will you support Eurogamer?

We want to make Eurogamer better, and that means better for our readers - not for algorithms. You can help! Become a supporter of Eurogamer and you can view the site completely ad-free, as well as gaining exclusive access to articles, podcasts and conversations that will bring you closer to the team, the stories, and the games we all love. Subscriptions start at £3.99 / $4.99 per month.

Tagged With

About the Author

Wesley Yin-Poole avatar

Wesley Yin-Poole

Deputy Editorial Director

Wesley is deputy editorial director of ReedPop. He likes news, interviews, and more news. He also likes Street Fighter more than anyone can get him to shut up about it.

Comments

More News

Latest Articles

Supporters Only

Eurogamer.net logo

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Eurogamer.net Merch