A hacker group has claimed it has attacked the Sony network and stolen more than one million passwords, email addresses and other information.
In April, hackers broke into Sony’s PlayStation Network and stole data from more than 77 million accounts. That attack was considered the biggest in internet history and led to Sony shutting down the PlayStation Network and other services for almost a month.
The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit.
Since then, Sony’s networks have become targets for hackers and the company has confirmed at least four other break-ins prior to the claimed attack on Sony Pictures.
Lulz Security claims to be behind one of those attacks: an assault on Sony Music Japan.
The latest alleged attack will come as a blow to the Japanese firm, 24 hours after it announced the PlayStation Network would be fully restored in the US and Europe, and said it had beefed up its security systems.
‘Asking for it’
In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers.
"From a single injection, we accessed EVERYTHING," it said. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"
"What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it’s just a matter of taking it.
"This is disgraceful and insecure: they were asking for it."
The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a news programme about WikiLeaks.
– BBC News
Uriminzokkiri, a North Korea propaganda site, early this week blamed “South Korea’s extreme right-wingers” for a cyber attack that disrupted its website last weekend. The China-based site claimed the hackers were trying to stop its “influence from spreading.”
“They should stop acting recklessly and think carefully about a grave consequence that could be caused by their mean acts,” it warned.
On January 8, the day widely believed to be Kim Jong Eun’s birthday, pictures and messages that derided the Kim dynasty, were posted by hackers on the website as well as the related Twitter account. Meanwhile, a video clip making fun of the younger Kim was posted on YouTube.
Dcinside.com, a Seoul-based internet website, claimed responsibility.
“Some of our users did that in retaliation for a DDOS (denial of service) attack on our site on January 6,” said Kim Yoo-sik, who runs the site. “It is unclear whether it was done by North Korea or a group of North Korea sympathizers inside South Korea.”
Right after the attack disabled his site for 30 minutes, he posted a statement on the front page that said “Jong Il, Jong Eun, Come out, Let’s fight!” in order to show “a strong willingness not to back down at least in cyber world.”
The site, with daily visitors of 1.3-1.5 million, started in 1999 as a small web forum for digital camera users, but now has more than 1,400 boards for free discussion on various topics from North Korea, politics, and entertainment.
Mr. Kim said he sees a change towards North Korea among site users. “Since the Yeongpyeong attack, people have become more fearful but also furious about what happened. They wanted to show their feelings through this cyber attack” (on the North Korea site), he said.
The North Korea site denied the accusation that it attacked dcinside.com, saying that while South Korean site was misleading public opinion, Uriminzokkiri is not a “childish” group that “invades other’s websites or does hacking for fun.”
Meanwhile, the four Tweets posted by hackers from the South Korean site are strangely still available at the time of writing. One of them says “Let’s kill senile Kim Jong Il and tyrannical offspring pig Kim Jong Eun with one stroke of our sword, so that we can eat rice and meat soup and live as happily as people in the South.”
- Wall Street Journal