In an assault the fact that celebration is calling, “Sownage”, the celebration states to possess completely compromised the leisure giant making utilization of the extremely basic technique. The celebration released the subsequent advertising release:
We recently broke into SonyPictures.com and compromised greater than 1,000,000 users’ individual information, such as passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in information linked to their accounts. among other things, we also compromised all admin particulars of Sony pics (including passwords) with one another with 75,000 “music codes” and 3.5 million “music coupons”.
Due to some deficiency of source on our part… we experienced been unable to completely duplicate all with this information, however we have good examples in your circumstance within our information to prove its authenticity. In concept we could have used each and every and every last tad of information, however it might have used many a whole whole lot more weeks.
Our target right here is to not occur throughout as master hackers, therefore what we’re going to reveal: SonyPictures.com was owned and operated with a extremely easy SQL injection, among one of the most primitive and common vulnerabilities, as we should all know by now. from the solo injection, we accessed EVERYTHING. Why can you founded this sort of faith in a really business that permits alone to turn into available to these easy attacks?
What’s even worse is on the way to be the reality that each and every and every tad of information we took wasn’t encrypted. Sony saved greater than 1,000,000 passwords of its consumers in plaintext, which signifies it’s only a make any difference of getting it. this could be disgraceful and insecure: they experienced been asking for it.
This can be an embarrassment to Sony; the SQLi web page link is supplied within our document contents, and we invite anybody using the balls to look at for by themselves that what we say is true. you may even desire to plunder all those 3.5 million coupon codes even although you can.
Included within our assortment are databases from Sony BMG Belgium & Netherlands. These also incorporate varied assortments of Sony individual and staffer information.
While some inside the information that Lulzsec factors to possess previously been used offline and couldn’t be verified, what goes on to be (which consists of individual login information and plain word passwords) after once more consists of a damning oxygen of authenticity. With Sony recently possessing promised to discover from its mistakes, when greater than 100 million individual accounts experienced been compromised, possessing a whole whole lot more enormous lists of delicate information released poses embarrassing inquiries concerning its protection states and credentials. Again.