Posts: 2,118
Threads: 100
Joined: 2008-08
Gender: Male
Sexual Orientation: Straight
Country Flag: brazil
IGN: Crazynomad
Server: Azralon
Job: Prot Paladin
Guild: Pro Pug Society
Quote:Oh, Sony -- not again. We've just received numerous tips that Lulz Security has broken into SonyPictures.com, where it claims to have stolen the personal information of over 1,000,000 users -- all stored (disgracefully) in plain text format. Lulz claims the heist was performed with a simple SQL injection -- just like we saw the last time around. A portion of the group's exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. We've downloaded this file (at our own risk, mind you) and can verify these sensitive bits are now in the wild, though it remains unclear if what's published matches reality. In addition to user information, the group has blurted out over 20,000 Sony music coupons, and the admin database (including email addresses and passwords) for BMG Belgium employees. Fresh off the heels of the PlayStation Network restoration, we're guessing the fine folks in Sony's IT department are now surviving solely on adrenaline shots.
Posts: 2,118
Threads: 100
Joined: 2008-08
Gender: Male
Sexual Orientation: Straight
Country Flag: brazil
IGN: Crazynomad
Server: Azralon
Job: Prot Paladin
Guild: Pro Pug Society
Note: this is 20,000 of 3.5 million - we had full access to the entire table, just not the time or patience to parse all of them.
Feel free to access the database for yourself and plunder as many as your heart desires.
Quote:SonyPictures.com has been owned,
this is its SQLi hole:
## Sony_Pictures_International_AUTOTRADER_USERS.txt ##
-- In this file you will find just under 12,500 customers of Sony;
this includes dates of birth, addresses, emails, full names,
passwords, user IDs, and personal phone numbers.
## Sony_Pictures_International_BEAUTY_USERS.txt ##
-- In this file you will find just under 21,000 customers of Sony;
this is a simple email/password drop. Enjoy your account stealing.
## Sony_Pictures_International_COUPONS.txt ##
-- In this file you will find just under 20,000 Sony music coupons;
please note that there are 3.5 million coupons to take - get 'em.
## Sony_Pictures_International_DELBOCA_USERS.txt ##
-- In this file you will find just under 18,000 customers of Sony;
this is a simple email/password drop. Again, enjoy your stealing.
## Sony_Pictures_International_MUSIC_CODES.txt ##
-- In this file you will find just under 67,000 Sony music codes;
they're like magnets, we simply have no idea how they work.
## Sony_Pictures_International_TABLE_LAYOUT.txt ##
-- In this file you will find the layout of the database;
that means you can easily see where to steal things from.
Note that the database contains far more user information/coupons
than we took. The point is that we had control of them; all of them.
We leave the rest up to you - steal as much as you want, go forth!
ADDITIONAL OWNAGE:
## Sony_BMG_Music_Entertainment_NETHERLANDS ##
-- This file contains the user database of BMG Netherlands;
it's around 600 usernames, emails, and passwords. Enjoy.
## Sony_BMG_Music_Entertainment_BELGIUM ##
-- This file contains the Sony admin database of BMG Belgium;
also lots of barcodes, release dates, and other juicy pomegranate.
Quote:Greetings folks. We're LulzSec, and welcome to Sownage. Enclosed you will
find various collections of data stolen from internal Sony networks and websites,
all of which we accessed easily and without the need for outside support or money.
We recently broke into SonyPictures.com and compromised over 1,000,000 users'
personal information, including passwords, email addresses, home addresses,
dates of birth, and all Sony opt-in data associated with their accounts.
Among other things, we also compromised all admin details of Sony Pictures
(including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".
Due to a lack of resource on our part (The Lulz Boat needs additional funding!)
we were unable to fully copy all of this information, however we have samples
for you in our files to prove its authenticity. In theory we could have taken
every last bit of information, but it would have taken several more weeks.
Our goal here is not to come across as master hackers, hence what we're about
to reveal: SonyPictures.com was owned by a very simple SQL injection, one of
the most primitive and common vulnerabilities, as we should all know by now.
From a single injection, we accessed EVERYTHING. Why do you put such faith in
a company that allows itself to become open to these simple attacks?
What's worse is that every bit of data we took wasn't encrypted. Sony stored
over 1,000,000 passwords of its customers in plaintext, which means it's just
a matter of taking it. This is disgraceful and insecure: they were asking for it.
This is an embarrassment to Sony; the SQLi link is provided in our file contents,
and we invite anyone with the balls to check for themselves that what we say
is true. You may even want to plunder those 3.5 million coupons while you can.
Included in our collection are databases from Sony BMG Belgium & Netherlands.
These also contain varied assortments of Sony user and staffer information.
Follow our sexy asses on twitter to hear about our upcoming website. Ciao! ^_^
Funny you didnt post when google finally admit that they were hacked too. Just targeting sony just like hackers
Your SSN is the most powerful piece of information you have as long as that is safe your fine. Still people suffer from identity theft without sony help
These hackers are pineappleing with peoples' lives, and I do not agree with it. Some of them work their asses off to get to where they are, only to have some insignificant pimento take it away from them because they're able to fiddle with code. Exposing them like this, even if Sony's security wasn't all that great, boils my blood.
Posts: 2,118
Threads: 100
Joined: 2008-08
Gender: Male
Sexual Orientation: Straight
Country Flag: brazil
IGN: Crazynomad
Server: Azralon
Job: Prot Paladin
Guild: Pro Pug Society
street Wrote:Funny you didnt post when google finally admit that they were hacked too. Just targeting sony just like hackers
Your SSN is the most powerful piece of information you have as long as that is safe your fine. Still people suffer from identity theft without sony help
at least google admit they got hacked. took sony 5-6 days to say: hey we got hacked and all ur info is not safe anymore, after being like: our console WILL NEVER be hacked and we have the BEST security system so no one have to worry about ^^. then they try to sue geohot, while apple didn't care, while microsoft sent a win7 phone to geohot so he could jailbreak it, while microsoft offer geohot a job, sony was like: THE pineapple YOU DID!?! we are sueing you coz the PS3 IS OUR, you buy, but you cant do pomegranate with it. then sony go and sue this german dude coz he installed linux on a ps3.
Do you see sony sueing these dude on youtube that post video of them burning/shooting down a ps3? no.
Do you see the xbox live/itunes being hacked? no.
Do you see other game producer being hacked? no.
Sony is just being targerted because sony thought they were god, and no one could hack the ps3 fortress, i guess they were wrong?
CrazyNomad Wrote:at least google admit they got hacked. took sony 5-6 days to say: hey we got hacked and all ur info is not safe anymore, after being like: our console WILL NEVER be hacked and we have the BEST security system so no one have to worry about ^^. then they try to sue geohot, while apple didn't care, while microsoft sent a win7 phone to geohot so he could jailbreak it, while microsoft offer geohot a job, sony was like: THE pineapple YOU DID!?! we are sueing you coz the PS3 IS OUR, you buy, but you cant do pomegranate with it. then sony go and sue this german dude coz he installed linux on a ps3.
Do you see sony sueing these dude on youtube that post video of them burning/shooting down a ps3? no.
Do you see the xbox live/itunes being hacked? no.
Do you see other game producer being hacked? no.
Sony is just being targerted because sony thought they were god, and no one could hack the ps3 fortress, i guess they were wrong?
[URL="http://www.engadget.com/2011/06/02/google-admits-sensitive-email-accounts-have-been-hacked-some-us/"]Wrong took google 4 months to admit they were hacked.
[/URL]
Quote:he Contagio security blog posted evidence back in February of targeted attacks against government and military officials on Gmail. Today, nearly four months later, Google has finally admitted this is true: hundreds of personal accounts have been compromised by hackers
You really dont know anything do you. Why do you think new version of how to jailbreak your iphone was always being released? Cause apple care when people were hacking their phone! They even went as far as making all the updated required to even use your phone/ipod.
Again they didnt care that he was hacking HIS SYSTEM. When he released it for EVERYONE they had to do something. Pirating games will hurt game producers. THINK about the effects! People not buying games means game producer should stop making games for the ps3 cause their is no profits anymore. Who get hurt? The gamers
lol microsoft offer him a FREE PHONE! If you were in the phone development scene which i know you're probably not, you would understand what was going on. If you are a well known developer they will reach out to you and offer you a free phone. Look at the folks over at xda(phone hacking central) microsoft already gives them phone to hack in too and mod.
Also when the pineapple did sony ever say they have the best security? I want you to cite that source for me. Until then your just pulling random pomegranate out your ass with no proof
You dont know the diffrence between affecting only your game expreince compared to everyone.
Why should they sue someone breaking a ps3? They already have the money for the purchase who cares lol
street Wrote:Game producers? Video games right? Hmm last time i checked Black ops, mw 2, wow, maplestory, has hacks.
Last time I checked, I don't remember my personal info being hacked from playing BO, MW2, or MS. Those hacks just mess with gameplay. I think you need to get your facts straight.
WingZero Wrote:Last time I checked, I don't remember my personal info being hacked from playing BO, MW2, or MS. Those hacks just mess with gameplay. I think you need to get your facts straight.
Really? Your personal info was never hacked playing MS? How many times has someone put a keylog on your comp just to get your ms account. It has been done. He said game producers! How can a game be hacked? By messing with the gameplay. What info do these games ask for? His post was nothing about personal info, it was about hacks in general to video game producers. Read before you post buddy
WingZero Wrote:Last time I checked, I don't remember my personal info being hacked from playing BO, MW2, or MS. Those hacks just mess with gameplay. I think you need to get your facts straight.
If your maplestory account gets hacked, it's most likely also your email, which could lead to personal information. MW2/BO is played on the ps3, kind of killing that opinion off the bat.
street Wrote:Really? Your personal info was never hacked playing MS? How many times has someone put a keylog on your comp just to get your ms account. It has been done. He said game producers! How can a game be hacked? By messing with the gameplay. What info do these games ask for? His post was nothing about personal info, it was about hacks in general to video game producers. Read before you post buddy
This is why I don't use PS3 or iTunes or Facebook or any of that crap. Just to be clear, ALL gaming or merchandising companies that use online methods of payment are susceptible to these sorts of attacks.
This is why I don't use PS3 or iTunes or Facebook or any of that crap. Just to be clear, ALL gaming or merchandising companies that use online methods of payment are susceptible to these sorts of attacks.
The fact you have an active e-mail account means your susceptible to online identity theft. I understand what you're getting at but just because you have yet to give anyone any credit card info doesn't mean you are in no way invincible (if your maplestory account is active you've more or less defeated your own claim since MS uses online methods of payment).
Nevertheless, i'm aware i'm open to online identity theft. However, I try and minimize the extent of the information online about me. Facebook is, in my opinion, the single most stupid online collection of private information. That anyone uses FB and puts any personal information on that website boggles my mind.