The hacker group that took over the website of PBS NewsHour last weekend has returned to its first love — hacking Sony.
LulzSec announced Thursday it hacked servers at Sony Pictures and Sony BMG. The group posted what appear to be the stolen e-mail addresses and passwords of about 50,000 consumers who’d registered for one of three Sony promotional sweepstakes: last year’s “Seinfeld — We’re Going to Del Boca Vista!” giveaway, a January contest Sony conducted with AutoTrader, and a Sony contest to promote the film Green Hornet.
The announcement said the group pulled off the hack using a simple SQL injection vulnerability — a common website weakness. LulzSec said more than 1 million consumer accounts were accessible in the breach, but it wasn’t able to grab all the data “due to a lack of resources on our part.” It tweeted a plea for donations to fund further attacks.
LulzSec is the same group that cracked PBS on Sunday to protest Frontline’s hour-long documentary on WikiLeaks. In that hack, the group stole and posted thousands of passwords, and added a fake news story to a PBS NewsHour blog reporting that deceased rapper Tupac Shakur had been found “alive and well” in New Zealand.
Before that, LulzSec hacked Sony’s Japanese website and Fox.com, where the group stole and posted 363 employee passwords and the names, phone numbers and e-mail addresses of 73,000 people who had signed up for audition information for the upcoming Fox talent show The X-Factor.
The Sony Pictures hack attack is the latest of a seemingly endless series of intrusions at Sony, which began with massive breaches in April that compromised account information on 77 million users of Sony’s PlayStation Network, and another 25 million at Sony Online Entertainment, the company’s game development arm. Nobody has claimed credit for those large attacks, but the griefer collective Anonymous had recently declared Sony a target in protest of the company’s lawsuit against PlayStation 3 tinkerer George Hotz. Sony claimed an Anonymous calling card was found on one of the servers compromised at SOE.