Hackers have stolen names and passwords belonging to users of Sony Europe's website and published them to the Internet.
Europe - Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven't been made to the Sony's cybersecurity program.
Hackers say they managed to steal a massive trove of personal information from Sony Pictures' website using a basic technique which they claim shows how poorly the company guards its users' secrets. Security experts agreed Friday, saying the company's security was bypassed by a well-known attack method by which rogue commands are used to extract sensitive data from poorly constructed websites.
"Any website worth its salt these days should be built to withstand such attacks," said Graham Cluley, of Web security firm Sophos. Coming on the heels of a massive security breach that compromised more than 100 million user accounts associated with Sony's PlayStation and online entertainment networks, Cluley said the latest attack suggested that hackers were lining up to give the company a kicking.
"They are becoming the whipping boy of the computer underground," he said.
In a joint statement from Michael Lynton, Chairman and Chief Executive Officer, and Amy Pascal, Co-Chairman, Sony Pictures Entertainment on Friday night acknowledged the breach and said the company had taken action "to protect against further intrusion."
"We have also retained a respected team of experts to conduct the forensic analysis of the attack," the statement said. It did not go into details about specific actions that will be taken to prevent future security breaches.
It wasn't clear how many people were affected. The hackers, who call themselves Lulz Security — a reference to the Internetspeak for "laugh out loud"— boasted of compromising more than 1 million users' personal information — although it said that a lack of resources meant it could only leak a selection on the Web. Their claim could not be independently verified, but several people whose details were posted online confirmed their identities to The Associated Press.
Lulz Security ridiculed California-based Sony for the ease with which it stole the data, saying that the company stored peoples' passwords in a simple text file — something it called "disgraceful and insecure."
Several emails sent to accounts associated with the hackers as well as messages posted to the microblogging site Twitter were not returned, but in one of its tweets Lulz Security expressed no remorse.
"Hey innocent people whose data we leaked: blame Sony," it said.
Sony's customers — many of whom had given the company their information for sweepstakes draws — appeared to agree.
It's the latest in a series of attacks which have hammered the electronics multinational. Security researchers have counted about a dozen breaches since the beginning of this year, including two particularly serious ones which exposed 100 millions users' personal details.
Europe - Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven't been made to the Sony's cybersecurity program.
Hackers say they managed to steal a massive trove of personal information from Sony Pictures' website using a basic technique which they claim shows how poorly the company guards its users' secrets. Security experts agreed Friday, saying the company's security was bypassed by a well-known attack method by which rogue commands are used to extract sensitive data from poorly constructed websites.
"Any website worth its salt these days should be built to withstand such attacks," said Graham Cluley, of Web security firm Sophos. Coming on the heels of a massive security breach that compromised more than 100 million user accounts associated with Sony's PlayStation and online entertainment networks, Cluley said the latest attack suggested that hackers were lining up to give the company a kicking.
"They are becoming the whipping boy of the computer underground," he said.
In a joint statement from Michael Lynton, Chairman and Chief Executive Officer, and Amy Pascal, Co-Chairman, Sony Pictures Entertainment on Friday night acknowledged the breach and said the company had taken action "to protect against further intrusion."
It wasn't clear how many people were affected. The hackers, who call themselves Lulz Security — a reference to the Internetspeak for "laugh out loud"— boasted of compromising more than 1 million users' personal information — although it said that a lack of resources meant it could only leak a selection on the Web. Their claim could not be independently verified, but several people whose details were posted online confirmed their identities to The Associated Press.
Lulz Security ridiculed California-based Sony for the ease with which it stole the data, saying that the company stored peoples' passwords in a simple text file — something it called "disgraceful and insecure."
Several emails sent to accounts associated with the hackers as well as messages posted to the microblogging site Twitter were not returned, but in one of its tweets Lulz Security expressed no remorse.
Sony's customers — many of whom had given the company their information for sweepstakes draws — appeared to agree.
No comments:
Post a Comment