Under-fire Sony in new data breach by hackers
TECH giant Sony was last night rocked by another massive data breach.
The latest attack has left hackers exulting, customers steaming and security experts questioning why basic safety measures haven't been made to the company's crisis-stricken cyber-security programme.
Hackers claim to have stolen a massive amount of personal information from Sony Pictures' website using a basic technique, which they claim shows how poorly the company guards its users' secrets. Security experts agreed yesterday, saying that the company's security was bypassed by a well-known attack method that could easily have been prevented.
"Any website worth its salt these days should be built to withstand such attacks," said Graham Cluley, of web security firm Sophos. Coming on the heels of a massive security breach that compromised more than 100 million user accounts associated with Sony's PlayStation and online entertainment networks, Mr Cluley said the latest attack suggested that hackers were lining up to give the company a good kicking.
"They are becoming the whipping boy of the computer underground," he said.
California-based Sony Pictures has so far declined to comment beyond saying that it is looking into the reported attack -- which saw many users' names, home addresses, phone numbers, emails and passwords posted on the internet.
It wasn't clear how many people were affected. The hackers, who call themselves Lulz Security -- a reference to the internetspeak for "laugh out loud"-- boasted of compromising more than one million users' personal information, although it said that a lack of resources meant it could only leak a selection on to the internet.
The group ridiculed Sony for the ease with which it stole the data, saying that the company stored people's passwords in a simple text file -- something it called "disgraceful and insecure".
On the micro-blogging site Twitter Lulz Security expressed no remorse at its actions.
"Hey innocent people whose data we leaked: blame Sony," it said.