Sony has been hacked yet again as the group behind the Tupac story hack on PBS revealed they gained access to data of 1m users from Sony Pictures Entertainment.
LulzSec, which claims it’s not affiliated with hacktivist group Anonymous, said it broke into SonyPictures.com and compromised more than 1m users’ passwords, email address, home addresses, dates of birth and all opt-in data associated with their accounts.
LulzSec also managed to compromise admin details on the site, along with 75,000 music codes and 3.5m music coupons.
“Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now,” read the statement.
“From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”
The group also said all the data was unencrypted.
This is the latest in a series of major security breaches for Sony. The biggest breach was seen with the infiltration of the PlayStation Network and Qriocity, where personal data on 77m users was obtained. Both services were pulled down until yesterday, when they were fully restored.
The Sony Online Network was also infiltrated and the Canadian Sony Ericsson eShop was attacked, with 2,000 customer records stolen.
LulzSec gained infamy earlier in the week for hacking into the US Public Broadcasting Services (PBS) site, and posting a fake news story claiming that deceased rappers Biggie Smalls and Tupac Shakur are alive in New Zealand.