Sony Hacking 2 Electric Boogaloo: 1 Milllon Account compromised, Lulzsec to blame - Polidicks

[URL]http://www.huffingtonpost.com/2011/06/02/sony-pictures-hacked-lulzsec_n_870615.html[/URL] [QUOTE]Sony reportedly suffered yet another hack attack on Thursday. This time, a group of hackers claims to have accessed the SonyPictures.com servers and compromised personal data belonging to one million customers. Hacker group LulzSecurity, fresh off its retaliatory attack on a PBS website over a Wikileaks documentary, claimed responsibility for the Sony hack. In a release posted on the group's website, [B]the hackers claimed they obtained "personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts." The group also claimed that the hack "compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.'"[/B] Shockingly, Lulzsec alleged that Sony left this information unencrypted and exposed to relatively elementary attacks:[QUOTE] Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it. [/QUOTE]While working to recover from the massive PlayStation Network hack that affected millions of customers around the world in April, Sony faced harsh criticism for the network's vulnerabilities and eventually promised that PSN security had been dramatically increased. If Lulzsec's accusations about Sony Pictures are true, Sony may have to rethink security measures for all its online properties. Sony reportedly spent over $170 million after the PSN hack to cover the cost of identity theft insurance for customers, hacking investigators, tighter site security and more. The company even hired a Chief Information Security Officer. Even still, Sony has asserted that "no system is 100 percent safe."[/QUOTE] Their Twitter: [url]http://twitter.com/#!/lulzsec[/url]

Hackers are so edgey.

Wow, It actually happened? Sucks to be them, their about to be fucked by Sony, their probably 12 year old script kiddies.

I'm getting tired of these motherfucking hackers screwing with Sony. It's long since stopped being funny and I can't wait until the FBI tracks down whoever's behind the twitter account and takes him down.

[QUOTE=killover;30208320]Wow, It actually happened? Sucks to be them, their about to be fucked by Sony, their probably 12 year old script kiddies.[/QUOTE] Because a few kids with Python can severely cripple a large, multinational corporation's online activities.

okay fine I won't ask questions ever again

oh joy they just released the whole user info on piratebay and Pastebin [editline]2nd June 2011[/editline] [QUOTE=Turnips5;30208425]Is this really all happening because of the root key leak and geohot's treatment?[/QUOTE] From what i am seeing Lulzsec's mission is to Show how horrible Major International Companies security is

[QUOTE=Turnips5;30208425]Is this really all happening because of the root key leak and geohot's treatment?[/QUOTE] no

[QUOTE=killover;30208320]Wow, It actually happened? Sucks to be them, their about to be fucked by Sony, their probably 12 year old script kiddies.[/QUOTE] if 12 year olds can hack a multi billionaire corporation like sony, then their IT department must be a composed of fugitive mental institution patients. get your head out of your ass

[QUOTE=Wii60;30208427]oh joy they just released the whole user info on piratebay and Pastebin [editline]2nd June 2011[/editline] From what i am seeing Lulzsec's mission is to Show how horrible Major International Companies security is[/QUOTE] Yeah, and make the users suffer. GREAT LOGIC.

Oh god, their site is annoying! [url]http://lulzsecurity.com/[/url] BACKGROUND MUSIC

These guys are such egotistical pricks HURR LOOK HOW EPIC WE ARE HURR DURR EPIC LULZ ANONYMOOS IS LEGION

fuck lulzsec

[QUOTE=Diet Kane;30208482]These guys are such egotistical pricks HURR LOOK HOW EPIC WE ARE HURR DURR EPIC LULZ ANONYMOOS IS LEGION[/QUOTE] They said they wern't part of Anon either. they are their own separate entity

I hope they're not thinking anyone likes them for this.

Holy fuck you guys stop hacking Sony for a fucking month? Go dick with Microsoft or Nintendo or Apple or fucking anyone.

[QUOTE=Wii60;30208503]They said they wern't part of Anon either. they are their own separate entity[/QUOTE] they're still riding off the same stupid EPIC LULZ shit causing downtime and fucking with consumers doesn't get you anywhere, it just shows what a prick you are

An SQL injection it seems You could have asked anyone, absolute anyone in the programming and webdev section, and a load of other people about this and they would have said "hurr durr, sanitise your database inputs where's that xkcd" Sony are morons. Sure, its not their fault, but they may as well just be handing out root passwords Edit: Though, the LULZSEC people really just need to fuck off.

[quote=Lulzsec]What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.[/quote] Mind = blown.

hell, they're just spouting shit how does anyone know any of this is true? this is like how people believed those morons who were like "I HAD ONE MILLION DRAGON DILDOS TAKEN FROM MY BANK ACCOUNT BY EVIL HACKERS"

Is your name really ";SELECT * FROM `users`?

It are Liars.

[QUOTE=Gustafa;30208573]Mind = blown.[/QUOTE] You would believe a group of fucking weirdo hackers when their #1 mission is to make sony look bad?

[url=http://twitter.com/#!/LulzSec/status/76379693607165952]Twitter[/url] [QUOTE]Uh-oh #PSN... Linux sdk-pct06.station.sony.com 2.6.18-164.15.1.el5 #1 SMP Wed Mar 17 11:30:06 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux[/QUOTE] they didn't even update the PSN servers from a old as shit version of linux [editline]2nd June 2011[/editline] [QUOTE=Diet Kane;30208598]hell, they're just spouting shit how does anyone know any of this is true? this is like how people believed those morons who were like "I HAD ONE MILLION DRAGON DILDOS TAKEN FROM MY BANK ACCOUNT BY EVIL HACKERS"[/QUOTE] On the twitter account they have enough proof on there that they uploaded to various popular torrent/file sharing sites i will not mention because i think mentioning them is against the forum rules

[QUOTE=FlapadarV2;30208606]Is your name really ";SELECT * FROM `users`?[/QUOTE] We call him little Jimmy Users!

[QUOTE=Diet Kane;30208544]they're still riding off the same stupid EPIC LULZ shit causing downtime and fucking with consumers doesn't get you anywhere, it just shows what a prick you are[/QUOTE] An international corporation that does business and handles millions of user's sensitive account information should be smart enough to encrypt it. Lulzsec are doing a good thing by revealing how truly unsafe your data is online, and that you shouldn't entrust sensitive information to someone just because they have a lot of money. Lulzsec aren't directly attacking the users whose information has been leaked, the people who choose to log in and mess with people's accounts are. Blame Sony, not Lulzsec.

The key word here is 'claimed'.

Aw shit. At least I got to download my L.A. Noire DLC.

[QUOTE=Kopimi;30208728]An international corporation that does business and handles millions of user's sensitive account information should be smart enough to encrypt it. Lulzsec are doing a good thing by revealing how truly unsafe your data is online, and that you shouldn't entrust sensitive information to someone just because they have a lot of money. Lulzsec aren't directly attacking the users whose information has been leaked, the people who choose to log in and mess with people's accounts are. Blame Sony, not Lulzsec.[/QUOTE] They still are supplying the people who choose to do that with peoples account information. I mean great job you sure did show Sony but throwing the customer under the bus is not the right way.

[QUOTE=Sharker;30208739]The key word here is 'claimed'.[/QUOTE] Friend sent me a link to the release page on their site which has a list of 13,000 working email/password combinations, but I lost it. They're not just "claiming" to have the data, it's been published and is on their site right now.