LulzSec, a hacker group, claims to have hacked the Sony Pictures website and exposed the information of thousands of Sony users.
LulzSec actually claims it could have accessed and stolen “every last bit of information” from the website. However, it didn’t have the time and funding to do so. Their leak was just a “sample” to prove “authenticity,” i.e. the fact that they did hack Sony.
The group leaked three sets of user information.
The first was Sonypictures.com AutoTrader users database. This leak was particularly egregious because it contained full name, date of birth, full postal address, gender, phone number, Sony password, and email.
From this set of information, it’s conceivable that scammers can commit identity theft.
The second was Sonypictures.com Summer of Restless Beauty users database. This database only contained email address and Sony password. The third was Sonypictures.com Seinfeld Del Boca Vista database, which also only contained email address and Sony password.
There are two main risks for the Summer and Seinfeld leaks. One, the emails will likely be added the mailing list of spammers. Two, if the users recycle their passwords (i.e. use the same passwords they gave to Sony for everything else), anyone can conceivablely access their email accounts and other website accounts (e.g. Facebook, Twitter, etc.)
LulzSec claims to have hacked Sony with “a very simple SQL injection, one of the most primitive and common vulnerabilities.” Moreover, it claimed Sony stored its users’ information in plaintext, which was “disgraceful and insecure.”
LulzSec doesn’t exactly feel sorry for the victims of its Sony leaks. It tweeted: “Hey innocent people whose data we leaked: blame @Sony.”