A group claimed, on Thursday, to have hacked into several Sony websites using a rudimentary programme and stolen the data of a million account holders.
The attack on Sonypictures.com and two other Sony websites in Netherlands and Belgium represented a new embarrassment for the Japanese electronics giant, which is still struggling to cope with a massive breach of its online entertainment networks in April.
The latest attack was carried out by a group calling itself Lulz Security. The group said on its website that it launched the attack to expose Sony’s faulty security and that all the data it took was in plain text rather than encrypted.
The group said the attack was carried out using SQL Injection, “one of the most primitive and common vulnerabilities, as we should all know by now.” “From a single injection, we accessed everything. Why do you put such faith in a company that allows itself to become open to these simple attacks?” the group said in a statement.
The group published a selection of the information it took from Sony, including thousands of names, addresses and passwords of people who had entered Sony competitions.