Sonypictures.com hacked, users’ password not encrypted?
Reading the news from BBC, I couldn’t believe well not that their site were hacked but users password were not encrypted? How could a huge company such as Sony would do that. Imagine, even a WordPress site or simple blog such as this, password is encrypted.
According Lulz Security who claims to have broken into Sonypictures.com and accessed details of a million users, they have gain access with just a simple SQL injection (a code issued that exploits a security vulnerability occurring in the database).
Lulz says,
“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.
“From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
Reports says, it has been the third major hack to hit Sony since April when the PlayStation Network was targeted and the details of 77 million users compromised.
Sony tweeted in respond to the claims of Lulsec, ”We are looking into the claims about reports of attacks on Sony Pictures websites. Please follow us for latest updates.”
Source: http://www.bbc.co.uk/news/business-13636704
[...] a series of attacks to Sony’s PS3 Network, it seems inevitable to similar sites. Nintendo, makers of Wii has become the latest company to [...]
[...] LulzSec group hacked commercial sites like Sony, Nintendo even government sites like CIA, Arizona Department of Public Safety and even UK’s [...]
[...] days about LulzSec, a group hackers who haved hacks both government sites and commercial sites like Sony, Nintendo and CIA.gov but eventually announces that they’re ending cyber [...]
[...] suspected hackers is a global government effort after a series of attacks on corporations such as Sony, Nintendo, Amazon, PayPal, even government agencies such as CIA, US Senate and the UK’s [...]