Among the invitations (too glaringly insecure to be called "flaws") found by John Bumgarner, CTO of the federally funded Internet security research company U.S. Cyber Consequences, was a sweepstakes app created for the 2001 Christmas season and defunct since then, that was designed to collect registrations and give registrees access to systems deeper in Sony's network.
Another pointed Bumgarner to a server running an identity management system that controlled access to and logins for the Sony Pictures Entertainment network.
As if some ignorant hacker could ever figure out a trick like that.
Sony told Reuters it fixed the flaws right away. This morning the search still led the way to a Sony login server, and another and another before I got tired of looking -- but not to the actual login data. Which, I suppose, is an improvement.