Back when Sony announced their Playstation Network and Qriocity services had been hacked, unleashed 77 million users’ personal details in the process, everybody knew it was bad. However, nobody realised that more than six weeks later, with the services still in various stages of restoration around the globe, Sony’s evidently laughable security would still be falling victim to marauding groups of hackers.
The torrent of bad press continued for Sony today as it became clear that another Sony property had been hacked – this time Sony Pictures. Although it is still unknown who perpetrated the original attack against Sony’s networks, subsequent attacks have been attributed to Anonymous splinter group LulzSec, and this latest hack seems to be their handiwork too.
LulzSec claim they used an SQL injection to gain access – similar to how they broke into a Sony BMG site just a few days ago. The difference in this latest hack is that LulzSec claim they found the roughly one million usernames and passwords they lifted stored in an unencrypted plain text file. To prove their point, the group released a dump of 50,000 samples.
Although another million users’ details is only a drop in the ocean compared to the over 100 million details Sony has already exposed, the fact that they are still operating insecure websites is incredible – we can only assume all of their technical staff have been pulled onto the PSN and Qriocity restoration, and so have been unable to secure their smaller domains in the meantime.
LulzSec also grabbed around 3.5 million coupon codes, as well as the database storing all admin information for the site.
This latest hack is troubling, but at this point completely unsurprising. The only question left at this point is how much worse can it get for Sony?
