So how many of you are here right now because the PSN is down?
Post by
variable303
Supposedly, there's a chance that another group might be hacking them:
http://news.cnet.com/8301-13506_3-20067865-17.html
Post by
xlanadenx
Seems like they weren't bull^&*!ting:
Greetings folks. We're LulzSec, and welcome to Sownage. Enclosed you will
find various collections of data stolen from internal Sony networks and websites,
all of which we accessed easily and without the need for outside support or money.
We recently broke into SonyPictures.com and compromised over 1,000,000 users'
personal information, including passwords, email addresses, home addresses,
dates of birth, and all Sony opt-in data associated with their accounts.
Among other things, we also compromised all admin details of Sony Pictures
(including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".
Due to a lack of resource on our part (The Lulz Boat needs additional funding!)
we were unable to fully copy all of this information, however we have samples
for you in our files to prove its authenticity. In theory we could have taken
every last bit of information, but it would have taken several more weeks.
Our goal here is not to come across as master hackers, hence what we're about
to reveal: SonyPictures.com was owned by a very simple SQL injection, one of
the most primitive and common vulnerabilities, as we should all know by now.
From a single injection, we accessed EVERYTHING. Why do you put such faith in
a company that allows itself to become open to these simple attacks?
What's worse is that every bit of data we took wasn't encrypted. Sony stored
over 1,000,000 passwords of its customers in plaintext, which means it's just
a matter of taking it. This is disgraceful and insecure: they were asking for it.
This is an embarrassment to Sony; the SQLi link is provided in our file contents,
and we invite anyone with the balls to check for themselves that what we say
is true. You may even want to plunder those 3.5 million coupons while you can.
Included in our collection are databases from Sony BMG Belgium & Netherlands.
These also contain varied assortments of Sony user and staffer information.
Follow our sexy asses on twitter to hear about our upcoming website. Ciao! ^_^
and
SonyPictures.com has been owned, this is its SQLi hole:
TEAR THE LIVING &*!@ OUT OF IT WHILE YOU CAN; TAKE FROM THEM EVERYTHING!
Contents of our plunder:
Sony_Pictures_International_AUTOTRADER_USERS.txt
-- In this file you will find just under 12,500 customers of Sony; this includes dates of birth, addresses, emails, full names, passwords, user IDs, and personal phone numbers.
Sony_Pictures_International_BEAUTY_USERS.txt
-- In this file you will find just under 21,000 customers of Sony; this is a simple email/password drop. Enjoy your account stealing.
Sony_Pictures_International_COUPONS.txt
-- In this file you will find just under 20,000 Sony music coupons; please note that there are 3.5 million coupons to take - get 'em.
Sony_Pictures_International_DELBOCA_USERS.txt
-- In this file you will find just under 18,000 customers of Sony; this is a simple email/password drop. Again, enjoy your stealing.
Sony_Pictures_International_MUSIC_CODES.txt
-- In this file you will find just under 67,000 Sony music codes; they're like magnets, we simply have no idea how they work.
Sony_Pictures_International_TABLE_LAYOUT.txt
-- In this file you will find the layout of the database; that means you can easily see where to steal things from.
Note that the database contains far more user information/coupons than we took. The point is that we had control of them; all of them. We leave the rest up to you - steal as much as you want, go forth!
ADDITIONAL OWNAGE:
Sony_BMG_Music_Entertainment_NETHERLANDS
-- This file contains the user database of BMG Netherlands; it's around 600 usernames, emails, and passwords. Enjoy.
Sony_BMG_Music_Entertainment_BELGIUM
-- This file contains the Sony admin database of BMG Belgium; also lots of barcodes, release dates, and other juicy ^&*!.
I can't help but wonder how a company manages to hold together after these things. If Sony can have vulnerabilities, how long before others are looked at for the same vulnerabilities?
I removed the links that they gave. Don't need to damage them any more than they have been.
Edited for readability.
Post by
Squishalot
The interesting questions will be:
a) Is it an inside job?
b) Is it possibly entrapment, to encourage would-be hackers to break in, only to have law enforcement lying in wait?
c) Is the data being released even correct at all?
I'm not comfortable answering any of the above questions, to be honest.
Edit: On a side note, the free game downloads are working perfectly fine right now.
Post by
Adamsm
Hopefully the site maintenance will be over soon so I can update my password and finally put my FF4 Complete DLC onto Dissidia 012.
Post by
238331
This post was from a user who has deleted their account.
Post by
Heckler
So I was able to change my password yesterday. My Netflix is functional again, and the PS Store has: a "30-days free" offer for PlayStation Plus (happily, it says "this is not an auto-renewing subscription, after 30 days, it will simply expire"), 2 free PS3 games, and 2 free PSP games (I don't even have a PSP so I'm not sure what will happen if I download them anyways). Pretty cool I suppose, the downtime only caused me about 3 days of headache so I'm not bitter.
c) Is the data being released even correct at all?
I guess the Associated Press picked a phone number at random from the list of leaked info and verified all of the listed information (including password) were correct with the 84 year old woman who answered (source: AP).
Post by
Treskol
What's worse is that every bit of data we took wasn't encrypted. Sony stored
over 1,000,000 passwords of its customers in plaintext, which means it's just
a matter of taking it. This is disgraceful and insecure: they were asking for it.
o.0
Wonderful news.
I tried getting a new password an hour before anyone said anything, it just said the site was down for maintenance and would be up shortly. Seemed weird for a link specifically made to recover lost passwords.
Post by
Squishalot
@ chaosultimamage:
Regarding (a) and (b), that's just what they want you to think ;)
I can't see how they could have just left their databases open post-security fix. As I understand, LulzSec knew exactly where to go to find the relevant data tables. Arguably, if they managed to get any sort of admin details (either via hack or inside job), then that would explain them being able to walk in and download things as free-text.
I guess the Associated Press picked a phone number at random from the list of leaked info and verified all of the listed information (including password) were correct with the 84 year old woman who answered
Did AP hack into Sony to test the leak too?
Post by
238331
This post was from a user who has deleted their account.
Post by
gnomerdon
I feel sorry for those who put their credit and debit card information. If I ever do get the PS3, I am going to buy a gamecard or something. Are there such things? :(
Post by
238331
This post was from a user who has deleted their account.
Post by
Monday
Wow, sucks to be Sony right now, big time.
Post by
238331
This post was from a user who has deleted their account.