Sonypictures.com hacked, users’ password not encrypted?
Reading the news from BBC, I couldn’t believe well not that their site were hacked but users password were not encrypted? How could a huge company such as Sony would do that. Imagine, even a WordPress site or simple blog such as this, password is encrypted.
According Lulz Security who claims to have broken into Sonypictures.com and accessed details of a million users, they have gain access with just a simple SQL injection (a code issued that exploits a security vulnerability occurring in the database).
“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.
“From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
Reports says, it has been the third major hack to hit Sony since April when the PlayStation Network was targeted and the details of 77 million users compromised.
Sony tweeted in respond to the claims of Lulsec, ”We are looking into the claims about reports of attacks on Sony Pictures websites. Please follow us for latest updates.”