Sony’s reputation as a computer security pygmy has deepened again, with the latest hack seeing it apparently lose a million user accounts to hackers.
Reportedly, hackers used yet another SQL injection attack to break into the database of SonyPictures.com, making off with the account details of a million users, including names, addresses, email addresses, and passwords, though mercifully not credit card details.
No confirmation is yet forthcoming from Sony, but the perpetrators have helpfully posted all the data obtained online, something unlikely to endear them to Sony customers.
The group claiming responsibility for this hack has also taken things a step further, having been publicly taunting and threatening Sony via Twitter for some time.
Some of their latest gloating:
“From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?
What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it’s just a matter of taking it.
This is disgraceful and insecure: they were asking for it.”
Sony has now lost well over 100 million accounts to hackers – certainly an abject lesson in the wisdom of trusting big corporations to safeguard user data.