Sony Hacks – I need to keep this stored so if it mysteriously disappears online elsewhere I am able to refer to it in the future:
Sony Denies Fresh PlayStation Network Hack
Published May 18, 2011
Visitors at the Sony Building in downtown Tokyo play Sony’s PlayStation 3.
Sony’s PlayStation Network password-reset page, built following a weeks-long outage after hackers breached the company’s network and compromised over 100 million online accounts, is itself temporarily offline — for security reasons, the company said.
But it’s not another hack, Sony insisted in a blog post late Wednesday.
“Contrary to some reports, there was no hack involved,” wrote Patrick Seybold, Sony’s senior director of corporate communications and social media. “In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”
The page was built to encourage PlayStation users to reset their passwords after Sony reinstated the PlayStation Network, a system that links gamers worldwide in online play. But that password reset page is itself down following discovery of the security flaw.
Gaming website Nylevia had discovered the flaw on Tuesday, which let hackers change any account’s password simply by entering an email address and a birth date.
“Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe,” Nyleveia.com wrote. “A new hack is currently doing the rounds in dark corners of the Internet that allows the attacker the ability to change your password using only your account’s e-mail and date of birth.”
The site did not provide additional details, citing security concerns.
“We for rather obvious reasons do not want to elaborate further on the exact details of the exploit, on the off chance that when the web based interface for PSN is restored the exploit has not been patched,” wrote the site, which claimed to have alerted Sony to the exploit.
Early in May, Sony denied claims that the PlayStation.com website was hacked as well, following outages at that site. The company chalked the outage up to a new security measure rather than the work of hackers as first suspected.
Sony was heavily criticized over its handling of the network intrusion. The company did not notify consumers of the breach until April 26 even though it began investigating unusual activity on the network April 19.
Sony had at the time that personal data from 24.6 million user accounts was stolen in the hacker attack last month. Personal data including credit card numbers might have been stolen from another 77 million PlayStation accounts, said Sony Computer Entertainment spokesman Satoshi Fukuoka.
He said Sony has not received any reports of illegal uses of stolen information, and the company is continuing its probe into the hacker attack. He declined to give details on the investigation.
Last month, U.S. lawyers filed a lawsuit against Sony on behalf of lead plaintiff Kristopher Johns for negligent protection of personal data and failure to inform players in a timely fashion that their credit card information may have been stolen. The lawsuit seeks class-action status.
By Doug Aamoth on June 2, 2011
Another of Sony’s websites has reportedly been hacked—this time around, the victim is SonyPictures.com. The group claiming responsibility for the breach, “LulzSec,” is the same group behind the recent PBS website hack.
A statement from the group reads, in part:
“SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
The group grabbed more than just passwords, too, according to another part of the statement:
“We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 ‘music codes and 3.5 million ‘music coupons’.”
At the moment, the SonyPictures.com website appears to be running normally, but that’s not to say that the aforementioned hack didn’t happen as everything that reportedly went on would happen behind the scenes. Boing Boing is reporting that the user info and millions of music coupons have already been made available on The Pirate Bay.
Sony has yet to comment on the matter.
(via Boing Boing)
Sony hack: private details of million people posted online
Hackers have attacked Sony and stolen the private details of more than a million people in the latest security breach to hit the electronics giant.
Another hack at Sony; 120 passwords go online
Another breach at Sony; 120 passwords from Sony Europe website claimed by hacker
LONDON (AP) — A hacker claims to have stolen names and passwords belonging to 120 users of Sony Europe’s website and published them to the Internet.
It’s the latest in a series of attacks which have hammered the electronics multinational. Security researchers have counted about a dozen breaches since the beginning of this year, including two particularly serious ones which exposed 100 millions users’ personal details.
The latest attack was claimed by “Idahc,” who self-identifies as a Lebanese hacker. The Associated Press has been able to verify several of the exposed names.
A U.S.-based spokeswoman for Sony Corp. has not returned an email seeking comment.
The website allegedly hacked into was down for “scheduled maintenance” Saturday.