PBS Hackers: We cracked Sony Pictures, compromised 1M accounts

Hacker group LulzSec, which claimed responsibility for breaking into PBS’ news website NewsHour, said it has broken into Sony’s movie site SonyPictures.com and compromised information about 1 million users.

The attacks could signal the emergence of another hacktivist group in LulzSec, one that takes up politically and other morally motivated attacks like hacker group Anonymous. The hacker group also posted a way to get into the Sony Pictures site — inviting readers to “plunder those 3.5 million music coupons while they can.” The group previously said it was targeting Sony in retaliation for how it handled the downtime and bringing the PSN back online. The group previously attacked PBS because of a feature called “WikiSecrets,” which shed an unfavorable light on WikiLeaks.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":297241,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,media,","session":"D"}']

“We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” the hacker group said in its official release. “Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons.'”

The hacker group said it was a simple SQL injection attack that allowed it to break into the network and steal information about the site’s users. It also said that the information it stole was not encrypted — another jab at Sony, which has faced criticism about its security after hackers were able break into the company’s online gaming network, the PlayStation Network (PSN). Purdue University security expert Dr. Gene Spafford told Congress that security experts knew Sony was running outdated versions of the Apache Web server software for the PSN that did not have a firewall installed.

Members of the LulzSec group were able to break into the PBS site several days ago and post a fake story that said rapper Tupac Shakur was still alive. It was the third high-profile hacking attack on a private network in a little more than a month. But now the group has apparently turned its eyes on Sony, which was forced to bring down the PSN and beef up security as a result of an earlier attack by an as-yet unidentified hacker group. A cyber attack on Sony’s PlayStation Network (PSN) led to hackers stealing sensitive information from potentially more than 100 million PSN and Station.com users.

The group has been quick to remind everyone that it is not a part of Anonymous — which regularly takes up political causes and sometimes commits hacks like this for amusement. Those within Anonymous — an amorphous and loosely associated group of hackers that are regulars on message boards like 4chan — typically use the term “lulz” to describe the amusement they get out of hacks like these.