News

Sony hit by another major data breach

Warwick Ashford

Sony has been hit by another major data breach just as it restored its PlayStation Network and online entertainment services after the personal data of up to 100 million users was stolen in April.

Hacker group Lulz Security (LulzSec) claims it has accessed the servers hosting Sony Pictures Entertainment and obtained the e-mail addresses, birth dates and passwords of more than one million users.

Sony says it is aware of LulzSec's statement and is investigating, according to BBC reports.

The claims came as Sony said it had restored its PlayStation Network after nearly a month and assured customers that it had beefed up its network security.

Review of online security

Last month, Sony chief executive Howard Stringer said the company was conducting a major review of online vulnerabilities.

The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit, but pundits say the cost of reputational damage is likely to be much greater.

LulzSec claims to have hacked into an unencrypted database using the well-known SQL injection attack method.

"This is disgraceful and insecure: they were asking for it," the statement said.

Critical of Sony's security

Sony is yet to confirm the breach, but LulzSec posted samples of the stolen data on the LulzSec website, and security experts are taking the group's claims seriously, according to the Financial Times.

LulzSec has been identified by security researchers as a talented spin-off from Anonymous, the paper said.

The group has posted a series of critical comments about Sony through its @LulzSec Twitter account.

"I'm loving how people think they can take down lulzsecurity.com - cloudflare back-up pages storing 100% of our Sony releases. Nice try!" said one posting.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy