We were going to title today's Sony breach as "Better Safe Than Sony" as was widely mentioned in twitters and blogs and commentaries. However, it turns out that this breach was done by non other than LulzSec (aka Lulz Security), instead of the usually-blamed Anonymous, who had a field day giving PBS news a makeover via a fake story on Tupac Shakur still living and shooting cans with good ol' Elvis. We will not delve much in to Sony's recent string of breaches, rivaling those of companies that use RSA SecurID and military contractors, as we have already done that in some previous posts, but we do want to quote Lulz Security as relayed in the BBC article:
In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers.
"From a single injection, we accessed EVERYTHING," it said. "Why do you put such faith in a company that allows itself to become open to these simple attacks?
"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it's just a matter of taking it.
"This is disgraceful and insecure: they were asking for it."
The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a news programme about WikiLeaks.