LulzSec, the hacker group responsible for security breach of several high profile targets including CIA, FBI affiliate, Sony, Nintendo, Fox and PBS has released the stolen data from the SonyPictures.com which includes personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. LulzSec tweeted moments ago providing the link to download the stolen data torrent through BitTorrent site 'The Pirate Bay'.
People are saying our CIA attack was the biggest yet, but it was really a very simple packet flood. This is our biggest: http://thepiratebay.org/torrent/6443601/Sownage: LulzSec tweeted.
In the note that appears on the linked page in the Pirate Bay LulzSec said: Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however, we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.
They said that their goal is to not project themselves as 'master hackers' and continued: hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?
They alleged that the Sony didn't encrypt the user data and instead, stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.
LulzSec added that, This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can. Included in our collection are databases from Sony BMG Belgium & Netherlands. These also contain varied assortments of Sony user and staffer information.