LulzSec claims Sony hack, theft of passwords

Getty Images
LulzSec claims Sony hack, theft of passwords
Getty Images

(CBS/AP) LONDON - Sony has been hit by a second massive data breach, hackers who call themselves LulzSec claim. The hackers said they pulled off what they described as an elementary attack to highlight Sony's "disgraceful" security.

"Every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it," LulzSec said in a statement. "They were asking for it."

CNN describes the attack as having targeted "various websites associated with Sony Pictures."

The breach is another potential embarrassment for Sony, which is struggling to restore its image after the lengthy shutdown of its online PlayStation Network, following the loss of millions of credit card numbers in a hacker attack.

Sony Pictures, a subsidiary of Sony Corporation of America, said Thursday it is aware of the LulzSec statement.

"We are looking into these claims," said Jim Kennedy, executive vice president of global communications for Sony Pictures Entertainment.

The data - which includes passwords, email addresses, phone numbers, home addresses, dates of birth - was posted to the LulzSec website and appeared to be at least partially genuine.

It is unclear who the members of LulzSec are, or where they're based. LulzSec recently claimed responsibility for hacking the website of the PBS television network to post a fake story in protest of a recent "Frontline" investigative news program on WikiLeaks.

For the past two days, the group has been mocking Sony via Twitter and alluding to a hacking operation.

Posts on the microblogging site through an account linked to the group at times chastise "silly Sony" and "You Sony morons," saying "everything we have will be published in multiple ways to ensure maximum embarrassment and exposure for [Sony] and their security flaws."

Complete coverage of the PlayStation network attack on Crimesider