Hackers Attack Another Sony Network; Post Data on 1 Million Users
LulzSec, a group that claims attacks on U.S. PBS television and Fox.com, said it broke into servers that run Sony Pictures Entertainment websites. It published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.
“From a single injection, we accessed EVERYTHING,” the hacking group said in a statement. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”
The security breach is the latest cyber attack against high-profile firms, including defense contractor Lockheed Martin and Google.
LulzSec’s claims came as Sony executives were trying to reassure U.S. lawmakers at a hearing on data security in Washington about their efforts to safeguard the company’s computer networks, which suffered the biggest security breach in history in April.
Sony has been under fire since hackers accessed personal information on 77 million PlayStation Network and Qriocity accounts, 90 percent of which are users in North America or Europe.
Sony said at the time credit card information may have been stolen, sparking lawsuits and casting a shadow over its plans to combine content and hardware products via online services. Nobody has claimed responsibility for the April attack.
It later revealed hackers had stolen data from 25 million users of a separate system, its Sony Online Entertainment PC games network, in a breach discovered on May 2.
Sony said it was investigating the breach claimed by LulzSec and declined to elaborate. Sony shares in Tokyo fell 0.6 percent on Friday, in line with the broader market.
The latest attack, unlike that on the PlayStation Network, was not on a revenue-generating Website and was likely to have no impact on earnings, analysts said.
Reuters confirmed the authenticity of the data on several contestants that LulzSec said it had published.
CYBER SECURITY
Cyber security is quickly rising up the agenda for global policymakers.
The Australian government said on Friday it will develop a cyber defense strategy and the United States said in a report in May that hostile acts in cyberspace would be treated just like any other threat to the country.
The hacking attack on Lockheed may have compromised the safety of SecureID tokens made by EMC Corp., while that on Google targeted, among others, senior U.S. government officials’ data.
“These allegations are very serious,” U.S. Secretary of State Hillary Clinton said of the Google attack, which the Internet giant said appeared to originate in China.
In the latest attack on Sony, the U.S. Federal Trade Commission could choose to review the circumstances leading up to the breach if Sony Pictures Entertainment failed to use proper procedures for protecting the data of its customers.
John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit, a nonprofit group that monitors Web threats, said he was not surprised that Sony’s systems had again been breached.
“The system was unsecure,” said Bumgarner, who last month warned of a string of security vulnerabilities across Sony’s networks that he had identified.
He said he found vulnerabilities in the Sony Pictures Entertainment network as recently as last weekend.
The first hacking attacks in April prompted Sony to shut down its PlayStation Network and other services for close to a month.
The PlayStation games network and Qriocity, a video and music service, are back online except for some operations in Japan, South Korea and Hong Kong.
Representatives criticized Sony in the Congressional hearing for waiting several days to notify customers of the breach.
LulzSec has claimed responsibility for several hacks over the past month. It said it defaced the U.S. PBS television network’s websites, and posted data stolen from its servers on Monday to protest a “Front Line” documentary about WikiLeaks.
It has also broken into a Fox.com website and published data about contestants for the upcoming Fox TV talent show, “X Factor.”
LulzSec also said on Thursday it had hacked into Sony BMG Music Entertainment Netherlands and Belgium. It previously disclosed an attack on Sony Music Japan.
(Additional reporting by Diane Bartz in Washington, Mayumi Negishi in Tokyo; Editing by Steve Orlofsky, Richard Chang and Muralikumar Anantharaman)