Sony Pictures is investigating a statement from hacking outfit LulzSec which claims it has nicked more than 1 million pieces of user data.
LulzSec posted that it had got into Sony’s databases and compromised users’ personal information, including passwords, email addresses, phone numbers, home addresses, and dates of birth. It had also downloaded all Sony opt-in data associated with their accounts.
News of the hack comes on the back of a clamp down on Sony security, so the fact that hackers got in will be bad news.
The data was carried in a plain text file posted to the hacking group’s site, and appeared to be at least genuine. AP tested it by calling a number listed by LulzSec as belonging Mary Tanning, 84, who lives in Minnesota. Tanning picked up the phone, and confirmed the rest of the details listed by LulzSec including her password, which she said she was changing.
She said she didn’t worry much as she was hardly online and didn’t have any cash.
Ever since Sony became heavy handed with hackers and removed the PS3’s ability to run Linux, the outfit has received a good kicking in its security assets.
A cyber-attack in April targeted credit card information through its PlayStation Network and Sony Online Entertainment network, and more than a 100 million user account details were nicked.
It turned out that while it was getting heavy with the hackers, Sony’s own security was as lax as Roman enforcement against double parking.
LulzSec said that none of the data it found was encrypted, and it was just a matter of stealing it.
It said security was disgraceful and insecure and Sony was asking for data to be stolen.
LulzSec recently hacked the website of PBS network in protest of a Frontline stitch up of WikiLeaks.