UPDATE 5-Hackers attack another Sony network, post data

Fri Jun 3, 2011 3:10am EDT

(Adds background)

* Attack targeted Sony Pictures Entertainment

* Customer data published on Internet

* Sony says checking hacker's claim; shares flat

* Lockheed Martin, Google also victims of cyber attacks

* Cyber security rising up agenda of global policymakers

By Jim Finkle and Liana B. Baker

BOSTON/NEW YORK, June 2 (Reuters) - Hackers broke into Sony Corp's computer networks and accessed the information of more than 1 million customers to show the vulnerability of the electronic giant's systems, the latest of several security breaches undermining confidence in the company.

LulzSec, a group that claims attacks on U.S. PBS television and Fox.com, said it broke into servers that run Sony Pictures Entertainment websites. It published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

"From a single injection, we accessed EVERYTHING," the hacking group said in a statement. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"

The security breach is the latest cyber attack against high-profile firms, including defense contractor Lockheed Martin and Google Inc .

LulzSec's claims came as Sony executives were trying to reassure U.S. lawmakers at a hearing on data security in Washington about their efforts to safeguard the company's computer networks, which suffered the biggest security breach in history in April.

Sony has been under fire since hackers accessed personal information on 77 million PlayStation Network and Qriocity accounts, 90 percent of which are users in North America or Europe.

Sony said at the time credit card information may have been stolen, sparking lawsuits and casting a shadow over its plans to combine content and hardware products via online services. Nobody has claimed responsibility for the April attack.

It later revealed hackers had stolen data from 25 million users of a separate system, its Sony Online Entertainment PC games network, in a breach discovered on May 2.

Sony said it was investigating the breach claimed by LulzSec and declined to elaborate. Sony shares in Tokyo fell 0.6 percent on Friday, in line with the broader market.

The latest attack, unlike that on the PlayStation Network, was not on a revenue-generating Website and was likely to have no impact on earnings, analysts said.

Reuters confirmed the authenticity of the data on several contestants that LulzSec said it had published.


Cyber security is quickly rising up the agenda for global policymakers.

The Australian government said on Friday it will develop a cyber defence strategy and the United States said in a report in May that hostile acts in cyberspace would be treated just like any other threat to the country. [ID:nL3E7H300H][ID:nN3135624]

The hacking attack on Lockheed may have compromised the safety of SecureID tokens made by EMC Corp , while that on Google targeted, among others, senior U.S. government officials' data. [ID:nN02261322][ID:nN02290419]

"These allegations are very serious," U.S. Secretary of States Hillary Clinton said of the Google attack, which the Internet giant said appeared to originate in China.

In the latest attack on Sony, the U.S. Federal Trade Commission could choose to review the circumstances leading up to the breach if Sony Pictures Entertainment failed to use proper procedures for protecting the data of its customers.

John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit, a nonprofit group that monitors Web threats, said he was not surprised that Sony's systems had again been breached.

"The system was unsecure," said Bumgarner, who last month warned of a string of security vulnerabilities across Sony's networks that he had identified.

He said he found vulnerabilities in the Sony Pictures Entertainment network as recently as last weekend.

The first hacking attacks in April prompted Sony to shut down its PlayStation Network and other services for close to a month.

The PlayStation games network and Qriocity, a video and music service, are back online except for some operations in Japan, South Korea and Hong Kong.

Representatives criticized Sony in the Congressional hearing for waiting several days to notify customers of the breach.

LulzSec has claimed responsibility for several hacks over the past month. It said it defaced the U.S. PBS television network's websites, and posted data stolen from its servers on Monday to protest a "Front Line" documentary about WikiLeaks.

It has also broken into a Fox.com website and published data about contestants for the upcoming Fox TV talent show, "X Factor."

LulzSec also said on Thursday it had hacked into Sony BMG Music Entertainment Netherlands and Belgium. It previously disclosed an attack on Sony Music Japan. (Additional reporting by Diane Bartz in Washington, Mayumi Negishi in Tokyo; Editing by Steve Orlofsky, Richard Chang and Muralikumar Anantharaman)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (2)
nyurbiz wrote:
Time for Sony to ask for a refund from the clowns they hired as IT consultants to bail them out of this mess. Sony should be held responsible for their lack of action, their ineptitude in securing customer data, and for putting the S back into Stupid.

Jun 02, 2011 12:11am EDT  --  Report as abuse
imwithid wrote:
It may be easy, or more appropriately, simplistic, to attack the hackers for Sony’s woes, however, Sony is in the unenviable position of being responsible for the data of their clients and customers. They are ultimately responsible for protecting data from malfeasance (despite the disclosure one agrees to when entering contests, aside from customers in general).

I have not been a customer of Sony in almost 15 years as their customer service had been abysmal and dishonest back in the mid to late 1990s; for me this was a signal or representative of customer care in general on a larger scale. I regret that current customers are the victims, perhaps of both parties, however, perhaps this will send a signal to Sony Corporation that they need to change things at higher levels.

My bias is evident in my comment. I don’t pity Sony’s upper management.

Jun 03, 2011 1:44am EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.