Apparently the hack wasn’t even that difficult for LulzSec to pull off: Gizmodo quotes LulzSec as saying, “SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING.”
In addition, none of the passwords were encrypted; instead, they were stored in plain text.
Keep in mind that Sony Pictures is an entirely different division of the company from Sony Computer Entertainment, the Sony subsidiary responsible for the PlayStation 3 and hit with April’s PlayStation Network hack. Still, it’s another black eye for a company that hasn’t exactly garnered a good reputation security-wise in recent weeks.
We’ll have more on PCWorld.com on this story as it develops, including tips on what you should do in case you fall victim to a data breach.