Hacking group LulzSec claim to have successfully breached SonyPictures' defenses, nabbing over 1,000,000 unencrypted user passwords and posting a huge amount of data on infamous file-sharing site 'The Pirate Bay'. We're not hugely surprised, to be honest. I mean it's not as if the group were exactly quiet about their plans!
The culprits are unabashedly open about their reasons and methods, posting their vendetta online for all to see:
Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.
Whilst 'they were asking for it' might not be an entirely justifiable defence for posting innocent users' personal details online, it is a bit worrying that Sony are having a bit of trouble getting their house in order. That said, we've only witnessed one side of things at the moment, with LulzSec blowing their own trumpet pretty hard; we might have to wait for the #Sownage hype to die down a bit before the full picture emerges.
No comment from Sony as yet. More on the story as we get it.