Most Read: Business

DJIA
-0.47%
NASDAQ
-0.56%
 Last Update: 4:15 PM 03/03/2015(NASDAQ&DJIA)

World Markets from      

 

Other Market Data from      

 

Key Rates from      

 
Faster Forward
Posted at 05:56 PM ET, 06/02/2011

LulzSec releases Sony data


Tim Schaaff, president of Sony Network Entertainment International, right, and Jeanette Fitzgerald, general counsel with Epsilon Data Management LLC, testify at a House Energy and Commerce subcommittee hearing on data security Thursday. (Andrew Harrer - BLOOMBERG)
The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat.

The information includes about a million usernames and passwords of customers in the U.S., Netherlands and Belgium and is available for download and posted on the group’s site.

A release posted on LulzSec’s page said the group has more, but can’t copy all of the information it stole. The group also said none of the information it took from Sony was encrypted.

“Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now,” the group wrote. “From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

“This is disgraceful and insecure,” the group said. “They were asking for it.”

LulzSec is not believed to be involved in the Sony breaches that resulted in 77 million user accounts being compromised in April, and the group has denied that it has ever attacked the PlayStation Network.

Jim Kennedy, executive vice president of Global Communications for Sony Pictures Entertainment, said in a statement, “We are looking into these claims.”

In a congressional hearing Thursday, Tim Schaaf, president of Sony Network Entertainment International, said the company supports standard legislation that would require companies to provide timely, accurate information on breaches and to provide customers with resources to combat the effects of an attack.

He also defended the methods Sony used to protect consumer passwords on its PlayStation Network and Qriocity service. When asked why the data was hashed instead of encrypted, he said it was standard industry practice.

On Wednesday, Sony finally restored its PlayStation Store, which had been down for a month following the April cyberattack.

Related stories:

LulzSec to release Sony data this afternoon

Sony PlayStation store back online

Sony, Epsilon to testify during breach hearing

PHOTOS: Top consumer gadgets

By  |  05:56 PM ET, 06/02/2011

Tags:  Gaming, Security

 
Read what others are saying
     

    © 2011 The Washington Post Company