Sony is under fire once again as a hacker group named LulzSec managed to access passwords and other user data of over 1 million SonyPictures.com accounts. LulzSec claims a single SQL injection attack granted access to Sony's database, the sensitive data wasn't even encrypted, it was stored as plaintext.
The hackers, who call themselves LulzSec or the Lulz Boat, said they exploited the Sony Pictures website via a SQL injection attack.
"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," the group said in a Pastebin post. "Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons.'"
The group released 150,000 records gleaned during its attack, saying it didn't have time to copy more. Those records also include material taken from exploited databases for Sony BMG in the Netherlands and Belgium, which contained further information about website users as well as employees.