A hacking activist group which claimed responsibility for attacks against the websites of PBS and Nintendo has breached Sony Pictures, exposing more than 100,000 account credentials.
Sony Pictures Digital Inc., the subsidiary of Sony that runs its movie and music business, confirmed that a hacking group has breached its website, exposing user account credentials.
In a statement issued June 3, Sony Pictures said it took action to protect against further intrusion of its systems. The company said it was targeted by a hacker group known as “LulzSec,” which claimed responsibility for attacks on PBS and Nintendo.
“A respected team of outside experts is conducting a forensic analysis of the attack,” Sony said in a statement. In addition, we have contacted the U.S. Federal Bureau of Investigation and are working with them to assist in the identification and apprehension of those responsible for this crime.”
The attackers are believed to have used a SQL injection attack to breach the website. The Lulz Security hacking group has been actively boasting about its high profile website attacks. The organization posted more than 100,000 account credentials of users of the Sony Pictures website. The hackers said they took the data from the Sony Pictures and Sony BMG websites. In addition to account credentials, the information made public includes addresses and phone numbers.
The group claimed responsibility for the latest attack against Nintendo’s U.S. servers, posting details of the attack on Twitter. The group said it had obtained an internal configuration file for one of Nintendo’s U.S. servers. It also hacked and defaced the website of InfraGard, an Atlanta-based organization that shares FBI cybercrime data with the private sector. The group posted more than 100 account credentials that it had stolen in that attack.
Sony and its subsidiaries have been investigating as many as a dozen breaches on its systems after a massive breach exposed information on more than 100 million users of its PlayStation and Entertainment Group networks. The company has apologized to victims, bolstered system security and is hiring a CISO to manage its security initiatives.