Lulz Security, the website that recently hacked into PBS.com to protest a Frontline documentary on WikiLeaks, says it has now hacked into Sony Pictures’ website, gaining access to account information and passwords to show how vulnerable the data is. From LulzSec’s website:
We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.
What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.
If true (LulzSec says in its release “we invite anyone with the balls to check for themselves that what we say is true”), this is the latest hacking problem for Sony, which is still recovering from massive breaches to its PlayStation Network and Qriocity VOD service after a cyber-attack in April, for which Sony chief Howard Stringer belatedly apologized, adding to the PR nightmare.