Yep. It’s happened again:
Computerworld – LulzSec, a hacking group that recently made news for hacking into PBS, claimed today that it has broken into several Sony Pictures websites and accessed unencrypted personal information on over 1 million people.
The attack? A simple SQL injection. The developers of most web sites built since 2002 have known how to defend against SQL injection.
“What’s worse is that every bit of data we took wasn’t encrypted,” the group claims. “Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it.”
Storing passwords in plaintext is simply negligent.
If customers experience identity theft as a result of this breach, you should expect a class-action lawsuit. These aren’t secure websites breached by a sophisticated attack. These are utterly inept programming decisions.
I have a bad, bad feeling that this is going to get a lot worse for Sony.
What’s even worse than all of this?
I own Sony stock.