One month after the company suffered the biggest security breach in history, a hacker group calling itself Lulz posted personal information from more than 1 million user accounts on SonyPictures.com.
Lulz issued numerous statements on Thursday about the hack, several of which included the personal data. In a press release, the group taunted Sony, insisting the incident is “an embarrassment” for the entertainment company.
Due to a lack of resource on our part (The Lulz Boat needs additional funding!) we were unable to fully copy all of this information, however we have samples for you in our files to prove its authenticity. In theory we could have taken every last bit of information, but it would have taken several more weeks.
Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?