new: 1 million Sony users hacked

  • Thread starter vietboi2
vietboi_2
On the same day that Sony Corp. finally managed to restart its PlayStation Store service, a new group of hackers claimed to have successfully bypassed the company's online security, compromising a further one-million Sony customers' account information.


The hacking group LulzSec has claimed responsibility for the latest attack. In a post on its Twitter page the group wrote, "1,000,000+ unencrypted users, unencrypted admin accounts, government and military passwords saved in plaintext. #PSN compromised. @Sony".

Since the attack the group has posted images and text files of the data it reportedly stole. The files included information regarding the names, birth dates, addresses, emails, phone numbers and passwords of users who entered Sony competitions run by its Pictures Entertainment Website.

The group cited its reason for the attack as to demonstrate the inherent weakness of Sony's security. In a subsequent release entitled "Sownage" the group wrote:

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

The post continued, "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

The attack is not the first the group has claimed responsibility for. To date LulzSec has claimed successful cyber attacks on PBS Television and Fox.com.

The cyber attack is the latest in what seems to be a growing trend. Already as well as Sony, two other big name games developers have reported similar attacks.

The high-end security firms RSA Security and L-3 Communications, which both provide support to numerous companies and government agencies, have also recently been targeted.

Worse still, today the recent attack on Google's Gmail service has led to questions pertaining to a possible security breach on the U.S. Government's White House networks.

The latest hack from LulzSec comes just after Sony managed to finally restore full PSN service early yesterday morning.

The service was deactivated after an earlier successful cyber attack which compromised up to 100 million PSN users' account information and forced the company to deactivate the network.

Already having suffered an estimated $177 million loss as a result of the first hack, since news broke on its latest possible security breach Sony share prices have once again fallen.

Reuters has issued a subsequent report claiming to have verified the information posted by LulzSec as authentic.

Sony has issued a statement reporting that it is currently investigating LulzSec's claims.

http://uk.ibtimes.com/articles/156879/20110603/sony-hack-lulzsec-security-psn-playstation-network-hackers-security-breach-3-4.htm
 
Hacking group LulzSec:

"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.

"Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons"."

------

Story can be found in any mainstream news provider's website.
Sony are not responding to questions as of yet.
 
Yeah it's bad news. Sony are not ready to run a secure operation.
Wrong section by the way, not gaming related, I made a post on the Internet, computers section about it.
 
You have got to be 🤬 kidding me. Can all hackers get a life. All we want to do is play our games online in peace.

:(:(:( I give up. I will never go online again. :(:(:(
 
Well, the hackers are surely the ones at fault, but after falling prey to it once, I think Sony are the ones to be accused here, more so than the hackers, even.

If your bank stores your money in a big pile right behind the glass doors and loses it to the first guy to knock that door down, you'd be just as pissed at them as you'd be at the robber, wouldn't you?
Not incorporating decent security systems is just plain foolish.
 
^No Luminis, they have whole brains. The thing is hackers have 1.1 brains. Time for Sony to hire some top-class hackers worthy of its name.
 
These hackers just don't get it. They're not fighting the good fight, they're just pissing everyone off.
 
Seeing what was stated in the other thread in the Videogames forum, it appears that they didn't even encrypt the data:

And THAT's something I wouldn't think someone with half a brain would. I actually thought they would've learned something from it.
And not hiring an expert after you've got yourself burned doesn't take a rocket scientist. But getting burned twice because you didn't learn a thing from the first time?!
 
This is why I'm not buying a PS3. And hackers, there's no point to what you're doing to PSN. Aren't there Government Databases that would be much more fun to hack?
 
You have got to be 🤬 kidding me. Can all hackers get a life. All we want to do is play our games online in peace.

These hackers just don't get it. They're not fighting the good fight, they're just pissing everyone off.

And hackers, there's no point to what you're doing to PSN. Aren't there Government Databases that would be much more fun to hack?

All of that. Seriously, why do people have to make others miserable just because they are? It just sucks.

And hacking IS NOT justice, it's a crime. So is piracy. And identity theft. If hackers want to make a social revolution, they are doing it wrong. They just piss me off.
 
I'm all for the hacking community doing what they do best. It's only when something like this happens that the media are all over it, and then people start thinking about how careless they are with individuals' personal information.

As a whole, we share too much personal information.

It wouldn't surprise me if half the people in this forum would be in serious trouble if their email service disappeared overnight.

Be smart, have an offline proof of your life as well as an online.
 
If this is accurate, and the media information coming out seems to suggest that it is, it goes so far beyond the point of being awkward, embarrassing, unprofessional, and a shot reputation that it's outrageous.

If you don't have bulletproof security, you probably shouldn't be inciting hackers by trying to make examples out of them (Geohot).

I'm making it a point to keep any important personal info out of Sony's systems.
 
This is why the last time I updated my Sony information I gave fake info.

I don't blame the hackers, if you wanna try to break it, try... I blame Sony FULLY for not being able to protect its customers.

I think Sony should be bound in our user agreement to provide adequate security to our private information and passwords, and am surprised a massive class action lawsuit hasn't been started yet.

This is disappointing, but I guess I'm glad I've got an Xbox 360 as well so I can play Forza in the meantime.
 
I don't blame the hackers, if you wanna try to break it, try... I blame Sony FULLY for not being able to protect its customers.
Exactly, it's not incumbent upon hackers to not hack, it's incumbent upon Sony to provide adequate protection for its consumers.

surprised a massive class action lawsuit hasn't been started yet.
There's at least one very public class action out there from the prior breach.

I have to add from the article regarding: "passwords saved in plain text". There's absolutely, positively, NO EXCUSE for that. Any half-wit junior DBA would know that's not acceptable. If that's true, it's just plain negligent, and f'ing dumb. PERIOD. Don't mean to kick Sony when they're down, and anyone can make a mistake, but damn, this is just astonishing.
 
Exactly, it's not incumbent upon hackers to not hack, it's incumbent upon Sony to provide adequate protection for its consumers.

There's at least one very public class action out there from the prior breach.

I have to add from the article regarding: "passwords saved in plain text". There's absolutely, positively, NO EXCUSE for that. Any half-wit junior DBA would know that's not acceptable. If that's true, it's just plain negligent, and f'ing dumb. PERIOD. Don't mean to kick Sony when they're down, and anyone can make a mistake, but damn, this is just astonishing.

Agreed with all of the above. What's getting to me is that the bank I'm working for would've been torn to pieces and would've probably gone out of business if a breach even remotely as big as that at Sony would've taken place. Just because of the customers losing trust in a company that doesn't give a rat's behind about protecting the information about its customers.

and Sony seems to be moving on as if nothing ever happened... I just can't get my head around that. I'm just glad I never used any truthful information on any of Sony's online services.

See, I never had a bias against either of the big console manufacturers, I just went with what offered the best value to me, but I sure as hell will be steering clear of anything coming from Sony that's in any way, shape or form connected to the internet. For the time being, at least.
 
This better not FFF up our online gaming service again... because that would piss the sh** out of me... I am pretty damn pissed at Sony for being such JACKASSES!!! :grumpy:
 
Surely Sony should hire hackers to try and make the network less more secure (if this hack is true at all). Because they are the ones who will know the vulnerabilities?
 
G.T
Surely Sony should hire hackers to try and make the network less more secure (if this hack is true at all). Because they are the ones who will know the vulnerabilities?

Companies do, you often find ex hackers now working in companies to develop good security systems. This is almost like their job interview :lol:
 
Well, the hackers are surely the ones at fault, but after falling prey to it once, I think Sony are the ones to be accused here, more so than the hackers, even.

If your bank stores your money in a big pile right behind the glass doors and loses it to the first guy to knock that door down, you'd be just as pissed at them as you'd be at the robber, wouldn't you?
Not incorporating decent security systems is just plain foolish.

You know what, I keep hearing that. Is there a form letter everyone is getting? Or is it just convenient to repeat the same thing over and over?

Here's the thing; how do you know? Seriously. How do you know that they kept it "behind the glass doors"? Because everyone on the internet says so? Because you say so? Because it's been repeated over and over? Goebbels called that "The Big Lie". It's been repeated so often that now everyone who wants to believe it, does.

All of that is irrelevant in any case. It's still a crime. There's no justification by saying "they deserved it". By your logic if you park your car in the street and someone steals it, then it's YOUR fault. Well you should have had it in a locked garage, instead in your driveway where EVERYONE can see it. I'm sure you'd scream bloody murder if the police blamed you and refused to help.
 
Agreed with all of the above. What's getting to me is that the bank I'm working for would've been torn to pieces and would've probably gone out of business if a breach even remotely as big as that at Sony would've taken place. Just because of the customers losing trust in a company that doesn't give a rat's behind about protecting the information about its customers.

and Sony seems to be moving on as if nothing ever happened... I just can't get my head around that. I'm just glad I never used any truthful information on any of Sony's online services.

See, I never had a bias against either of the big console manufacturers, I just went with what offered the best value to me, but I sure as hell will be steering clear of anything coming from Sony that's in any way, shape or form connected to the internet. For the time being, at least.

Again, how do you know? You're taking everyone's word on the internet for it.

I'm sure banks HAVE been breached. MasterCard, American Express, Amazon, NYSE, even the CIA have been breached, as well as Google this week. Now are you going to say the same thing about them? I'm sure you've ordered stuff from Amazon, are you going to "steer clear" of them?

Here's a sobering reality; for someone who claims to have such concern for your personal information, you've probably exposed yourself many, MANY times in the past without a second thought. A simple act such as handing your credit card to a bartender or a waiter. Not shredding a receipt properly. Even having a magazine subscription and you throw out the old issues. Heck, even the issues sitting in your mailbox are a potential risk! Anybody can just come along, peek in your box and get your name and address. So are you going to cancel your subscription to Sports Illustrated now?

Everyone acts like this started with Sony, but this type of thing has been going on for a LONG time.
 
Companies do, you often find ex hackers now working in companies to develop good security systems. This is almost like their job interview :lol:

Breaking the law is not a "resume builder".

The other thing that everyone is neglecting, it was Sony Pictures. Not the Playstation Network. For those who seem to only play video games, Sony does a whole lot more than that. The other thing is what do they stand to gain more by doing? Claiming "success"? Or saying "Uh, we tried... but it was just too hard"?
 
You know what, I keep hearing that. Is there a form letter everyone is getting? Or is it just convenient to repeat the same thing over and over?
I'd say that's because it's one of the easiest comparisons to fall back on, if that topic is involved.

Here's the thing; how do you know? Seriously. How do you know that they kept it "behind the glass doors"? Because everyone on the internet says so? Because you say so? Because it's been repeated over and over? Goebbels called that "The Big Lie". It's been repeated so often that now everyone who wants to believe it, does.
And you're taking Sony's word that they've not been careless with the data? Sounds like the pot is calling the kettle black, doesn't it? Dunno, but I haven't heard of that many companies that got hacked like that and have been mocked for being that easily hacked. Did you?

All of that is irrelevant in any case. It's still a crime. There's no justification by saying "they deserved it". By your logic if you park your car in the street and someone steals it, then it's YOUR fault. Well you should have had it in a locked garage, instead in your driveway where EVERYONE can see it. I'm sure you'd scream bloody murder if the police blamed you and refused to help.
Uh, I never, ever said it's not a crime so you might want to calm down a bit.
What I'm saying is: If someone is stealing your car, that's a crime. If you didn't bother to lock it and even left the keys lying on the dashboard for everyone to see, aren't you at fault as well? Now, if a friend of mine had my car over the weekend and someone stole it because he didn't bother to even lock it and take the key with him, you can bet your behind I'd be mighty pissed at him as well. Probably even moreso than at the guy who stole, because he expressed no concern for what I gave to him.

Again, how do you know? You're taking everyone's word on the internet for it.

I'm sure banks HAVE been breached. MasterCard, American Express, Amazon, NYSE, even the CIA have been breached, as well as Google this week. Now are you going to say the same thing about them? I'm sure you've ordered stuff from Amazon, are you going to "steer clear" of them?
Yeah, I sure as hell will be steering clear of almost everything that could compromise my personal data, at least as far as anything that involves money is concerned (including iTunes, Amazon and whatever online shop you've got, I've never been a friend of online shopping...) - and, personally, I think quite alike about any company that has had a breach like that. But, you know, I know of only one that has by now been breached twice within less than three months.

Here's a sobering reality; for someone who claims to have such concern for your personal information, you've probably exposed yourself many, MANY times in the past without a second thought. A simple act such as handing your credit card to a bartender or a waiter. Not shredding a receipt properly. Even having a magazine subscription and you throw out the old issues. Heck, even the issues sitting in your mailbox are a potential risk! Anybody can just come along, peek in your box and get your name and address. So are you going to cancel your subscription to Sports Illustrated now?
I guess you know me fairly well, eh? Anyways, what you're mixing a bit up here is that I'm in charge of that stuff and it's only my information. Someone's going to look through my garbage? Fine, that's my information, not that of a million of customers. Big difference there. Both in what they'd get in terms of actual data and in the incentive to even do that in the first place.

Everyone acts like this started with Sony, but this type of thing has been going on for a LONG time.
Yeah, and in all that time, I haven't heard of a company falling prey to such an attack twice that fast and being mocked about not using proper security like that.

Or is there such a case I'm not aware of? If you could point a company out that had that happen to it in that short a period of time, or a few of them, rather, of similar size to a multinational corporation like Sony, where a comparable amount of data was compromised, I'd like to read about that, for sure.

All in all, I agree with you that hackers are bad. That's a given. Our world would be a much nicer place if there were no people committing crimes of any sort.

Breaking the law is not a "resume builder".
Sadly, in this case, it is. Rewarding someone for their wrongdoings sucks, but, hey, if you need that knowledge for the greater good, then you'll have to do just that.
The other thing that everyone is neglecting, it was Sony Pictures. Not the Playstation Network. For those who seem to only play video games, Sony does a whole lot more than that.
So, uh... If you've burned your right hand on a fire, I guess you would've learned not to reach into a flame with your left hand as well.


The other thing is what do they stand to gain more by doing? Claiming "success"? Or saying "Uh, we tried... but it was just too hard"?
I know what would be the biggest success, on a personal level, though: "It was friggin' hard, but we did it anyways!"
And most certainly not: "It was child's play, everyone could've done it."
 
I'd say that's because it's one of the easiest comparisons to fall back on, if that topic is involved.

You're "falling back" because that's the intellectually LAZY thing to do. It's easier to agree with the cognoscenti than to form your own opinion. I don't know if you're familiar with this, being from Germany, but there's a group here in the United States called Birthers, who claim that our current president was not born in this country. Why do they believe that? Because it's easier to go along with a mob mentality and be part of a movement, than it is to accept the truth, even when the evidence is clear.
And you're taking Sony's word that they've not been careless with the data? Sounds like the pot is calling the kettle black, doesn't it? Dunno, but I haven't heard of that many companies that got hacked like that and have been mocked for being that easily hacked. Did you?
I'm not "taking Sony's word" for it, but I'm sure as hell not taking some guy on the internet that I wouldn't know from Adam's word. And I just rattled off numerous companies that were hacked into. The only reason why you're paying such close attention to this one, is because you think it's "special because it's video games". Just because it falls outside your field(s) of interest, doesn't mean it hasn't happened in the past.

Uh, I never, ever said it's not a crime so you might want to calm down a bit.
What I'm saying is: If someone is stealing your car, that's a crime. If you didn't bother to lock it and even left the keys lying on the dashboard for everyone to see, aren't you at fault as well? Now, if a friend of mine had my car over the weekend and someone stole it because he didn't bother to even lock it and take the key with him, you can bet your behind I'd be mighty pissed at him as well. Probably even moreso than at the guy who stole, because he expressed no concern for what I gave to him.
No, but you certainly are ready to say that Sony may have, but asking "who committed the bigger crime". If that's not an indictment I don't know what is.

Yeah, I sure as hell will be steering clear of almost everything that could compromise my personal data, at least as far as anything that involves money is concerned (including iTunes, Amazon and whatever online shop you've got, I've never been a friend of online shopping...) - and, personally, I think quite alike about any company that has had a breach like that. But, you know, I know of only one that has by now been breached twice within less than three months.
Well at least you're treating them like everyone else.

I guess you know me fairly well, eh? Anyways, what you're mixing a bit up here is that I'm in charge of that stuff and it's only my information. Someone's going to look through my garbage? Fine, that's my information, not that of a million of customers. Big difference there. Both in what they'd get in terms of actual data and in the incentive to even do that in the first place.
My point is that you are laying blame on Sony and throwing them under the bus, when you've more than likely thrown YOURSELF under the bus, and repeatedly so. Your data is exposed EVERY DAY. Whether it's from hackers, or a con man who rummages through your trash. So unless you want to be some paranoid nutcase and live in a cave somewhere, you're never going to be as safe as you'd like to believe, and that's not entirely Sony's doing.

Yeah, and in all that time, I haven't heard of a company falling prey to such an attack twice that fast and being mocked about not using proper security like that.

Or is there such a case I'm not aware of? If you could point a company out that had that happen to it in that short a period of time, or a few of them, rather, of similar size to a multinational corporation like Sony, where a comparable amount of data was compromised, I'd like to read about that, for sure.
You asked for it.

http://www.dailytech.com/Gmail+Accounts+Hacked+Google+Suspects+Chinese+Involvement+/article21799.htm

http://www.wired.com/threatlevel/2010/01/operation-aurora/

And not just Google, but the Central Intelligence Agency!

First in 1996

http://www.cnn.com/TECH/9609/23/hackers.update/

http://www.timesonline.co.uk/tol/news/world/asia/article6961254.ece

And American Express...

http://news.cnet.com/AmEx,-Discover-forced-to-replace-cards-over-security-breach/2100-1017_3-235818.html

...and again in 2005.

http://news.cnet.com/Credit-card-breach-exposes-40-million-accounts/2100-1029_3-5751886.html

and MasterCard

http://www.huffingtonpost.com/2010/12/08/mastercard-deemed-unsafe-_n_794164.html

And take a look at this piece from Forbes.com

http://www.forbes.com/2009/03/31/visa-mastercard-security-technology-security-visa.html

All in all, I agree with you that hackers are bad. That's a given. Our world would be a much nicer place if there were no people committing crimes of any sort.


Sadly, in this case, it is. Rewarding someone for their wrongdoings sucks, but, hey, if you need that knowledge for the greater good, then you'll have to do just that.

So, uh... If you've burned your right hand on a fire, I guess you would've learned not to reach into a flame with your left hand as well.

Here's the thing though; if you reward someone for their wrongdoings, aren't you just encouraging that behavior? There's a bizarre mindset amongst this set, it seems it's okay if you want to prove a point. Well why should I have to suffer if you're that much of a megalomaniac that you want to stroke your ego?

I know what would be the biggest success, on a personal level, though: "It was friggin' hard, but we did it anyways!"
And most certainly not: "It was child's play, everyone could've done it."

Since their goal was to "embarrass" Sony, what would be more "embarrassing"? Certainly the latter. And seeing how they haven't drawn much attention outside of the "geek" and video game community, I wouldn't even say that they've made that big of a splash.
 