Hacktivists break into Sony Pictures database
Yesterday evening, hacktivists at LulzSec tweeted that they had managed to break into the Sony Pictures web site. The hackers claim that they had access to the personal data of administrators and more than a million users, including addresses, telephone numbers, email addresses and passwords – which Sony allegedly saved in unprotected plain text. To prove their success, the hackers posted thousands of data records publicly on the web.
In addition, LulzSec gained access to more than 3.5 million coupon codes along with the databases of SonyBMG's Dutch and Belgian branches. The hackers say they did not make a complete copy of the databases they had access to because of a lack of resources, claiming that "The Lulz Boat needs additional funding!", but also noting that it would have taken a few weeks to take all the information. The attack was based on an ordinary SQL injection hole on the web site for the film Ghostbusters.
The hackers had previously published excerpts from Sony Music Japan's database and also claimed responsibility for the break-in at US television broadcasters Fox and PBS. LulzSec always uses the Twitter microblogging service to make its announcements – few days earlier, the hackers had announced that Sony data would soon be published.
Sony became a popular target for net activists when the company pressed charges against PS3 hacker George Hotz in January. In April, the two parties reached an out-of-court agreement, but the attacks continue. It remains unclear who was responsible for the break-in at the PlayStation Network at the end of April, when more than 100 million customers' data was stolen. Users can only mitigate the risk to themselves by following the principle of using a different password for every web site.