Sony getting its ass handed to it by hackers is becoming about as newsworthy as a netbook release, but this one is particularly brutal: Lulz Security just released a file containing over a million user logins. Home addresses included.
The Lulz crew says their gigantic dump includes:
Personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".
Not stuff you want floating around on MediaFire (and not something we're going to link to, out of respect for the privacy of that million plus).
So, why'd they do it this time? FOR THE LULZ? No. To teach a lesson, they say:
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?
As much as this is a shit move on their part, they have a good point. All of this extremely sensitive user data was stored in plain text, with zero encryption whatsoever. Sony is clearly beyond the palest pale of ineptitude when it comes to keeping their house in order. Their server rooms have had a screen door on them for the past month. Get it the hell together.