New pwnage shows Sony broke promises to fix its security

LulzSec, thanks for revealing Sony hypocrisy; now can you stop punishing its customers?


Sony's PlayStation Store came back online this week, to the general approval of PlayStation fans.

The records of about 1 million Sony customers went up, too.

The records were posted by the hacking group LulzSec late Thursday afternoon as a demonstration that Sony had not fixed the fundamental, enterprisewide security flaw that had allowed hackers to take over a series of its other networks.

Though the group said its intentions were pure, posting the private information of a million customers is at least as damaging as if the breachers had been committed data thieves.

"Uh-oh #SonyPictures...," the group tweeted at LulzSec The Lulz Boat Thursday afternoon.

  • "1,000,000+ unencrypted users, unencrypted admin accounts, government and military passwords saved in plaintext. #PSN compromised. @Sony." LulzSec
  • "Hey innocent people whose data we leaked: blame @Sony," a member of the group tagged @joelsack tweeted.

The group is connected to Lulz Security Corp., which posted a press release about the hack, but was not responding due to what LulzSec tweeters said were "attacks [it had received] non-stop since literally 2 minutes after we tweeted [news of the data breach] - doesn't affect leaks in the slightest."

The leaks included usernames and passwords from Sony BMG and Sony Entertainment customers in the U.S., Netherlands and Belgium. The ridiculously long list, posted on the same public text-site as previous public-spirited breaches designed to show Sony's real security failures, is incomplete because LulzSec members couldn't copy the full content onto Pastebin.

Join us:






SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Ask a Question