Hackers claim another raid on Sony accounts

It was supposed to be the day Sony clawed back some pride. Yesterday morning, the company announced that its PSN network was back online after the biggest hacking attack in history more than a month earlier.

Last night, though, the Japanese manufacturer was dealing with another disaster, after hackers claimed to have broken into its network yet again, saying they had stolen more than one million users' personal account details and posted them online.

The hackers claimed the data taken during the attacks on Sony and BMG included passwords, email addresses, home addresses, dates of birth and all Sony opt-in data associated with their accounts. A statement from the hackers read: "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5m 'music coupons'."

The "hacktivist" group LulzSec claims to have carried out the attack – as well as recent ones on the PBS and Fox networks.

On its Twitter account, the group said it had also stolen "unencrypted admin accounts, government and military passwords saved in plaintext" [sic]. The alleged hacking is the latest in a series to be carried out on high profile companies and heaps more embarrassment on the highest profile of them all: Sony. In early May, The Independent reported rumours in the hacking community that the company was to be the target of another group of hacktivists.

And, later that month, Lulzsec – now famous for its defacing of the PBS website with a fake story about dead rapper Tupac Shakur still being alive – tweeted: "Working on another Sony operation... this is the beginning of the end for Sony."

Yesterday, before releasing the information it said it had stolen in an operation it has called "Sownage" (Sony ownage), it taunted the Japanese manufacturer, tweeting: "Hey [Sony], you know we're making off with a bunch of your internal stuff right now and you haven't even noticed? Slow and steady, guys."

A message from the hacktivists, posted last night on a site hosting the file, claimed that the stolen data within came from "internal Sony networks and websites, all of which we accessed easily and without the need for outside support or money".

It added that the affected sites were SonyPictures.com, the site for the company's film and television wing, and Sony-owned record label BMG. The hacktivists asserted that they had not released all of the information they had access to online "due to a lack of resource". They said they were unable to fully copy all of the information and released samples in a bid to prove their authenticity. That included around 39,000 email addresses and passwords, 12,500 more with home addresses, as well as dates of birth. Details of hundreds of BMG users were also released.

They added that SonyPictures.com was hacked by taking advantage of "one of the most primitive and common vulnerabilities". The statement said: "What's worse is that every bit of data we took wasn't encrypted.

"Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

A Sony spokesman could not be contacted last night but reportedly told technology blog thisismynext.com that the company was "looking into these claims".

Comments