A second hacker wanted in connection to LulzSec's attack on Sony Pictures has been arrested by the FBI according to VentureBeat. LulzSec, a group of hackers who declared a "50 Days of Lulz" war on various entities, is shrouded in secrecy, not unlike online activists/hackers Anonymous. The difference between the two groups, for those keeping score, is that unlike Anonymous, who often champion a societal cause they deem right, LulzSec just does what they do "for the lulz" (for fun or because they can).
LulzSec has since disbanded (though, do hackers ever really disband?) since their "50 Days of Lulz," however; the group published codes online to download music from the Sony Pictures website in an effort to "plunder those 3.5 million music coupons while they can." As a reaction to the hack, Sony pulled down their Playstation Network for almost a month, while they regrouped and better prepared their online defenses, should LulzSec strike again. The group even took to Twitter to taunt Sony during the hacks, stating (via CNET) "Hey @Sony, you know we're making off with a bunch of your internal stuff right now and you haven't even noticed? Slow and steady, guys."
LulzSec responded to Sony's shutting down of the Playstation Network with the following tweet: "You Sony morons realize we've never attacked any of your precious gaming, right?" the group tweeted."
Sony added, "In addition, we promptly took offline all potentially affected databases containing personally identifiable information and contacted the U.S. Federal Bureau of Investigation. We are working with the FBI to assist in the identification of those responsible for this crime."
Raynaldo Rivera of Tempe, Arizona was arrested by the FBI and has apparently pled guilty, according to CNET. While the group boasted that the information of around a million people was successfully stolen, Sony stated that it was closer to around 37,000 individuals who had their information pilfered by the group. In a statement from Sony at the time (via CNET), "we believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes: name, address, email address, telephone number, gender, date of birth, and website password and user name."
According to Information Week, LulzSec pointed out that Sony's information wasn't even encrypted, "from a single injection, we accessed everything," LulzSec said in a statement. "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it."