X-Factor US hackers hit Sony Pictures Entertainment

Before you rush to your PlayStations and check the PSN is still running, fear not, the latest Sony hack was targeted at their movies site.

Attributed to notorious hacking outfit Lulzsec, Sony Pictures Entertainment has had its website interfered with by a simple SQL injection. A reported 1 million usernames were obtained, including those of admin and members of the government. Also removed was no less than 3.5 million Sony Music coupons, all of which has been wrapped up in a package and posted on P2P site thePirateBay.

Lulzsec's Twitter feed revealed the hack:

"1,000,000+ unencrypted users, unencrypted admin accounts, government and military passwords saved in plaintext. #PSNcompromised".

Which was then followed by:

"Don't worry, our site has received attacks non-stop since literally 2 minutes after we tweeted it - doesn't affect leaks in the slightest," and, "website smooth or shaky, rain or shine, down or up, the hacks and leaks will always continue, even if twitter suspends our account. :D".

Lulzsec is well known for its hacking antics, recently posting the entire list of X-Factor contestants' names, phone numbers and addresses, which Pocket-lint has seen. The group also recently hacked the PBS News Hour site, creating a fake story which said Tupac was secretly alive in New Zealand.

The latest hack couldn't come at a worst time for Sony, who only fully restored its PlayStation network today. We expect its security teams will be pretty much wiped out by now.

In a statement from Lulzsec, relating to what they call "Sownage", the group went into details as to why the attack was carried out:

"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"

They then went on to say:

"This is an embarrassment to Sony; the SQLi link is provided in our file contents,and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can."

Bored of hacking? Or should Sony be more secure...



>