Just when it looks like Sony was finally recovering from the PlayStation Network hack, it happened again. This time, it wasn't PSN, but Sony Pictures: hackers may have compromised 1 million SonyPictures.com user accounts, stealing personal information including e-mail addresses and passwords, as well as street addresses, dates of birth, and more. On top of that, the hacker group posted a file containing information on 50,000 users.
Apparently the hack wasn't even that difficult for LulzSec to pull off: Gizmodo quotes LulzSec as saying, "SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING."
In addition, none of the passwords were encrypted; instead, they were stored in plain text.
Keep in mind that Sony Pictures is an entirely different division of the company from Sony Computer Entertainment, the Sony subsidiary responsible for the PlayStation 3 and hit with April's PlayStation Network hack. Still, it's another black eye for a company that hasn't exactly garnered a good reputation security-wise in recent weeks.
We'll have more on PCWorld.com on this story as it develops, including tips on what you should do in case you fall victim to a data breach.
No comments:
Post a Comment