Sony investigating another hack

 
[Image: Man walks past Sony logo. Caption: Sony has faced a torrid few weeks as its networks have become targets for hackers]


Sony is investigating another hacking attack on one of its websites.

A group called Lulz Security claims to have broken into Sonypictures.com and accessed details of a million users.

Passwords, home addresses and other personal information relating to several thousand of the accounts were released online.

It is the third major hack to hit Sony since April when the PlayStation Network was targeted and the details of 77 million users compromised.

Details of the latest attack were made available on the recently created Lulz Security website.

A LulzSec press release said: "SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

Unprotected text

SQL injection attacks are generally regarded as one of the more straightforward ways of gaining unauthorised access to a website.


Typically, an attacker will attempt to bypass the username and password system by sending code or characters that confuse the site's programming.

The release also claims that user information on Sonypictures.com was stored in unencrypted, plain text format.
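As an added illustration (not part of the original article, and not Sony's code), the sketch below puts a login check that pastes user input into the SQL text and keeps passwords in plain text beside one that uses query placeholders and a salted password hash. The `users` table, the function names and the sample account are constructed for this example.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt):
    # Salted, deliberately slow hash so a stolen table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def make_db():
    # Constructed in-memory table holding one sample account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(name TEXT PRIMARY KEY, plain TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("alice", "s3cret-pass", salt, hash_password("s3cret-pass", salt)))
    return db


def login_vulnerable(db, name, password):
    # Weak: input becomes part of the SQL text, and the password column is plain text.
    sql = ("SELECT name FROM users WHERE name = '%s' AND plain = '%s'"
           % (name, password))
    return db.execute(sql).fetchone() is not None


def login_hardened(db, name, password):
    # Placeholders keep input as data; the password is checked against the salted hash.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt), stored)


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input containing quote characters
    print("vulnerable, crafted input:", login_vulnerable(db, "alice", crafted))
    print("hardened, crafted input:  ", login_hardened(db, "alice", crafted))
    print("hardened, real password:  ", login_hardened(db, "alice", "s3cret-pass"))
```
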

LulzSec explained that it was unable to make the entire user database available. However, it released a portion of it, totalling roughly 50,000 users.

Sony has yet to respond to the claims, but said in a tweet: "We are looking into the claims about reports of attacks on Sony Pictures websites. Please follow us for latest updates."

Mikko Hypponen, chief research officer at security firm F-Secure, said that another Sony breach had been almost inevitable.

"I'm not surprised by anything about Sony anymore," he told BBC News.

"It will be hard for a company of that size to make sure they are secure if someone wants to go and find holes."

Mr Hypponen said that Sony had become a preferred target of hackers because of the company's long history of vigorously defending its intellectual property.

[Image: Lulz Security website. Caption: The Lulz website contains a few basic images along with details of its hacks]

Most recently, it took legal action against a US hacker, George Hotz, who claimed to have cracked elements of the PlayStation's security.

"That was the turning point. But it is easy to hate Sony, starting with the CD rootkit in 2005," said Mr Hypponen, referring to an earlier scandal that erupted when it was discovered that some Sony music CDs had secretly installed copy protection software on users' computers.

Mystery hackers

Little is known about the LulzSec group, although they have claimed responsibility for recent attacks on several websites in the USA - Fox, PBS and XFactor.

It is understood to be a separate organisation from Anonymous, the "hacker collective" which has been linked to a number of high-profile web attacks including several on Sony sites.

The latest attack has, once again, raised questions about the strength of security employed by Sony and other companies holding sensitive user data.

Much of the information taken in the Sony hacks was unencrypted and easily readable.

Mike Smart from cryptography specialists Safenet said that many companies were only applying their highest security protocols to data such as credit card numbers.

He explained that other "social" information was often given minimal protection.

"People can get through the front door. Now we have got to the stage that we need to lock the inside doors and put our documents in a safe."

 

BBC © 2014