3 Jun 2011

Sony networks hacked again

Hackers say they have broken into Sony’s servers within a day of the electronics giant getting the network back up and running after the last attack.

A group of hackers says it has accessed data from Sony (Reuters)

A group called LulzSec says it has got hold of the personal information of more than one million customers.

The group, which claims to have also attacked the American TV companies PBS television and Fox.com, said it broke into servers that run Sony Pictures Entertainment websites.

It found the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

In a statement, the group called its attack “simple” and said: “From a single injection, we accessed EVERYTHING.”

Sony has been under pressure since April, when hackers accessed personal information on 77 million PlayStation Network and Qriocity accounts, 90 percent of which are users in North America or Europe.

Who are LulzSec? 

They fancy themselves as pirates, taunting on Twitter: "Keep on crying, Sony fanboys. Your tears create the sea and your whining creates the wind that we so gracefully use to traverse onward." Their anti-Sony campaign is dubbed "Sownage", short for "Sony ownage". Lulz Security, or LulzSec, claimed responsibility for the attack on the US TV companies PBS television and Fox.com. They posted a fake news item on PBS.org that claimed Tupac Shakur was alive and well in New Zealand.

Most recently they have said that they are the ones who hacked the servers that run the Sony Pictures Entertainment websites, compromising the personal information of more than 1 million SonyPictures.com users. LulzSec do not claim to be master hackers, rather "a team of entertainment and security experts that specialise in the production of malicious comedic cybermaterials." A layer of defiant humour and sarcasm is spread across their website and Tweets, and they are dedicated to exposing the security flaws of large companies.

That they are not master hackers should come as a shock to those who observe how LulzSec were able to "own" SonyPictures.com using a "very simple" SQL injection - a common code injection technique that exploits security vulnerabilities in databases.

Nobody has claimed responsibility for that attack.

Sony later revealed hackers had also stolen data from 25 million users of a separate system, its Sony Online Entertainment PC games network, in a breach discovered on 2 May.

The network was down for more than a month, and only fully restored on Thursday 2 June.

Sony says it is investigating the latest breach has and declined to comment further.

Read more: computer experts on how to protect your data from a network hack