We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shizuo Kambayashi/AP/Press Association Images

Sony investigates claim of another security breach

Hackers have claimed that they have hit Sony for a second time – taking over one million passwords, emails, and other user information – by accessing unencrypted data stored by the corporation.

SONY HAS BEEN hit by a second massive data breach, hackers claim, another potential embarrassment for a company that is struggling to restore its image following the loss of millions of credit card numbers through its PlayStation Network.

The hackers, who call themselves LulzSec, said they pulled off what they described as an elementary attack to highlight Sony’s “disgraceful” security.

“Every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it,” LulzSec said in a statement. “They were asking for it.”

RTÉ quotes a statement released by the hacking group, which read: “From a single injection, we accessed EVERYTHING.”

Sony Pictures, a subsidiary of Sony Corporation of America, that is had been notified of Lulz Security’s statement and was investigating the claims, the BBC reports.

“We are looking into these claims,” said Jim Kennedy, executive vice president of global communications for Sony Pictures Entertainment.

The data — which includes passwords, email addresses, phone numbers, home addresses, dates of birth — was posted to the LulzSec website and appeared to be at least partially genuine.

The Associated Press called a number listed by LulzSec as belonging to 84-year-old Mary Tanning, a resident of Minnesota. Tanning picked up the phone, and confirmed the rest of the details listed by LulzSec — including her password, which she said she was changing.

“I don’t panic,” she told the AP, explaining that she was very seldom online and wasn’t wealthy. “There’s nothing that they can pick out of me,” she joked.

Several other people contacted by the AP confirmed that their passwords had been published online. Many were angry and distressed.

“If this is so, I’m very upset,” said Elizabeth Smith, from Tucson, Arizona. “I’m very disappointed that Sony would not protect things like that.”

Like several others contacted by the AP, Smith said she often entered online sweepstakes — including ones she described as being affiliated with Sony. Neither she nor anyone else reached over the phone said they’d heard from the company about the apparent breach.

Sony Corp. is already is facing questions over why it did not inform consumers more quickly after a massive cyber-attack in April targeted credit card information through its PlayStation Network and Sony Online Entertainment network, compromising more than 100 million user accounts.

Read more: Sony says Greek music site security breach affected 8,500 user accounts >
Read more: Sony defends reaction to security breach >
Read more: Sony begins to restore PlayStation Network >

Additional reporting by the AP