Sony PicturesThe security woes for Sony are continuing unabated, and the latest entry in the laundry list of attacks against the company came Thursday when a group of hackers posted a large amount of data that it stole from databases belonging to Sony Pictures and a couple of other subsidiaries.

A group calling itself Lulz Security has claimed responsibility for the attack and has posted a significant amount of information, including plaintext passwords and apparently some names, phone numbers and some physical addresses. The attack also compromised databases belonging to Sony BMG.

The data dump Thursday is one of several security incidents that have plagued the global electronics and media conglomerate, which began with the attack on the company’s PlayStation Network online gaming platform in April. That attack started with some initial DDoS attacks against some of Sony’s servers and then blossomed into a full-on assault on PSN, resulting in the company having to take the network offline. That intrusion resulted in a massive data breach that compromised the personal information of 77 million PSN customers.

In response to the attack, Kazuo Hirai, chairman of Sony Computer Entertainment of America, said in a letter to Congress that the company was being targeted by professional hackers.

“What is becoming more and more evident is that Sony has been the victim
of a very carefully planned, very professional, highly sophisticated
criminal cyber attack designed to steal personal and credit card
information for illegal purposes,” he said in the letter.

Since that first attack, several other online properties owned by Sony have been targeted by attackers, including some foreign subsidiaries and the company’s Qriocity network.

Ars Technica reported that the latest compromise was the result of a SQL injection attack, the same kind of technique that has been used to attack other Sony Web properties.

Categories: Malware, Vulnerabilities, Web Security