Hackers claim that they have managed to broke into Sony's computer networks and accessed the information of more than 1 million customers, the latest of several security breaches that hit the company.
Behind the hack is LulzSec, a group that claims attacks on U.S. PBS television and Fox.com. The group "proudly" said that it broke into servers that run Sony Pictures Entertainment websites and published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.
According to security firm Sophos, the data stolen includes:
- A link to a vulnerable sonypictures.com webpage.
- 12,500 users related to Auto Trader (Contest entrants?)
including birth dates, addresses, email addresses, full names, plain text passwords, user IDs and phone numbers.
- 21,000 IDs associated with a DB table labeled "BEAUTY_USERS" including email addresses and plain text passwords.
- ~20,000 Sony Music coupons (out of 3.5 million in the DB).
- Just under 18,000 emails and plain text passwords from a Seinfeld "Del Boca" sweepstakes.
- Over 65,000 Sony Music codes.
- Several other tables including those from Sony BMG in The Netherlands and Belgium.
"From a single injection, we accessed EVERYTHING," the hacking group said in a statement. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"
Sony said it was investigating the breach claimed by LulzSec.
The group has been threatening to attack Sony since that time with a plan it called "The beginning of the end" for the company. In its boasting of the attack, the group provided details of its methods, encouraging other hackers to steal data from the site.
Sony has been under fire since hackers accessed personal information on 77 million PlayStation Network and Qriocity accounts, 90 percent of which are users in North America or Europe. Nobody has claimed responsibility for the April attack. Later, Sony revealed hackers had stolen data from 25 million users of a separate system, its Sony Online Entertainment PC games network.
Intruders also stole the names and e-mail addresses of about 2,000 customers at Sony Ericsson Mobile Communications AB's Canadian website, Sony said last month.
LulzSec also said on Thursday it had hacked into Sony BMG Music Entertainment Netherlands and Belgium.
Last week, Lockheed Martin and Google also disclosed that they were attacked by hackers.