Another day, another Sony site hacked. It appears that the hacking group known as LulzSec has successfully pulled off the hack of a Sony site that it hinted at yesterday. The assumption was that it would be another attempt at one of the company’s gaming sites, but instead it turned out to be Sony Pictures, the movie division of Sony, that got hit.
In a statement attributed to the hacking group, and brought to us via BoingBoing, the group explains its actions:
Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.
Sony has been a popular target as of late with hackers since their PlayStation Network was brought down several weeks ago. Since then we’ve also seen the Greek Sony BMG site get hit as well as Sony Music Japan.
In the past I have said that Sony’s sheer number of sites would make it a daunting task to go through and find every security hole, but don’t you think if you knew your company was a prime target you’d be having people working on this 24/7? Add in the fact that such a major company stored passwords in plain text, and whatever little sympathy I personally had for Sony is quickly ebbing away.
It’s time for Sony to act like the major international corporation it is and get its act together because this has officially become unacceptable.
What do you think of the fact that Sony still has so many security holes?
[via BoingBoing]