Thursday, June 2, 2011
Group Claims Fresh Hack of Sony Accounts
Lulz began posting messages to Twitter on Thursday about its "Sownage" campaign, and around 4:30 p.m. ET it posted links to download what it claimed was a giant cache of Sony user data.
The documents posted include names, passwords, e-mail addresses, home addresses and dates of birth for thousands of people.
Lulz said it grabbed the material by exploiting a vulnerability on a Sony page advertising the company's Ghostbusters franchise.
Lulz posted the website's address in its data dump, and encouraged fellow hackers to "tear the living shit out of it while you can; take from them everything!"
A statement posted on Lulz's site, titled "pretentious press statement," said "SonyPictures.com was owned by a very simple SQL injection." That type of attack exploits a Web application vulnerability.
Lulz's statement said Sony was "asking for it" by storing more than 1 million user passwords in plain text, instead of encrypting them.
"It's just a matter of taking it. This is disgraceful and insecure," Lulz said.
Lulz also said it had compromised "all admin details of Sony Pictures," including passwords, as well as 75,000 music codes and 3.5 million music coupons.
The previously unknown hacker group burst onto the scene this weekend with an attack on the website of PBS, which apparently drew their ire with a documentary on WikiLeaks.
Lulz posted a fake story on PBS.org announcing that rapper Tupac Shakur -- who has been dead for almost 15 years -- is alive and living in New Zealand.
at 4:03 PM