Ya cuando todo parecía paz y silencio alrededor de la PlayStation Network y acababan de anunciar que regresarían a final de esta semana, sale a la luz Lulz Security con un torrent mostrando los problemas que tiene Sony. Ponen a disposición de “aquel que tenga (la disposición necesaria) para darse cuenta de que todo lo que tienen es verídico”, toda la información que Sony tenía almacenada en sus servidores. 

Sí, información personal, contraseñas, direcciones de email y físicas de los usuarios, fechas de nacimiento y toda, pero toda, la información que Sony tenía asociada con las cuentas. Entre otras cosas, también aseguran tener todos los detalles administrativos de Sony Pictures (con contraseñas) junto con 75 mil códigos de música y 3.5 millones de cupones de música.

Dicen que el objetivo de este hack era hacer notar la vulnerabilidad de una empresa tan grande al cometer un error aún de mayor tamaño: no encriptar su información. Aquí les dejamos el texto completo que encontramos en uberwin.net para que lo juzguen ustedes.

“(…) personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.

Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.

Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?

What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.

This is an embarrassment to Sony; the SQLi link is provided in our file contents, and we invite anyone with the balls to check for themselves that what we say is true. You may even want to plunder those 3.5 million coupons while you can.

Included in our collection are databases from Sony BMG Belgium & Netherlands. These also contain varied assortments of Sony user and staffer information.

Follow our sexy asses on twitter to hear about our upcoming website. Ciao! ^_^”