Hacker group Lulzec claimed yesterday to have gained access to over a million usernames and passwords on servers run by Sony Pictures, the movie arm of the Japanese tech giant.
In a message on Twitter, the group said "1,000,000+ unencrypted users, unencrypted admin accounts, government and military passwords saved in plaintext. #PSN compromised. @Sony". The group also released a torrent file containing around 71,000 email addresses and passwords claimed to be from the hack. ZDNet UK has seen this file but cannot confirm its contents.
In a statement included in the torrent file, the group said: "We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".
"SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. [...] What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext"
Lolzsec has previously claimed the credit for hacks on the web sites of American media organisations PBS and Fox.
Sony has only recently restored service on its PlayStation Network after another hack exposed around 70 million user IDs on that service. Reuters reports that Sony has said it is investigating the Sony Pictures claims.