Sony has been hacked again, according to a group that recently infiltrated the servers at PBS.
A group that identifies itself as Lulzsec claims to have hacked into SonyPictures.com and compromised the personal information of more than 1 million users.
"Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 'music codes' and 3.5 million 'music coupons,'" Lulzsec wrote in a note posted to Pastebin.com.
Lulzsec is the same group that infiltrated PBS servers to post fake news and password dumps.
The news comes the same day that Sony brought the Sony PlayStation store back online and appeared on Capitol Hill to say there was no "clear evidence" that hackers accessed credit card information on its PlayStation Network. The company, however, said it and other tech companies are vulnerable to future attacks absent any action from Congress.
Sony has been conducting an "intensive investigation" into the hack that took down its PlayStation Network for almost a month and in looking "deeply" at the logs related to the hacked databases, "we have found no clear evidence that there was any access made to the credit card information, and we found plenty of evidence that that data was not accessed," Tim Schaaff, president of Sony Network Entertainment International, told a House Energy and Commerce subcommittee.
Almost a week after the PSN went down, Sony confirmed that hackers had obtained personal information from the network, which possibly included credit cards. The company later said that credit card information was encrypted, but it could not rule out the possibility that it was obtained by the hackers.
Schaaff said Thursday that as its investigation continued, the information it recovered about credit card data "has changed." In speaking with credit card companies, there are "no signs of unusual activity related to this breach," Schaaff said.
Still, despite pointing fingers at clandestine cyber-group Anonymous, Sony still does not know who hacked into its system. "We're working with law enforcement to try and figure that out," Schaaff said.
Last month, Sony said one of its SOE servers included mention of Anonymous. Though a group spokesman has denied involvement, it has launched distributed denial of service attacks against Sony for suing PS3 hackers.
When asked if Sony regrets pursuing PS3 hackers given that those lawsuits possibly prompted the PSN hack, Schaaff said it points to a larger problem of how companies protect their content. But if Sony hadn't gone after those hackers, it "would've played out" at another company, he said. "We are all under attack."
Furthermore, without comprehensive privacy legislation from Congress coupled with industry-wide best practices, the tech industry is vulnerable to future attacks, Schaaff speculated. In written testimony, he said Sony supports federal data breach legislation that would require companies to inform customers about any breaches in a timely and consistent manner, regardless of the state in which they reside.
"Without further assistance, we're all going to have a world of hurt in this Internet economy and we would appreciate your assistance," Schaaff told the subcommittee.
Jeanette Fitzgerald, general counsel with Epsilon Data Management, which recently had a data breach of its own, said it also supports federal legislation that would replace the patchwork of state laws governing data protection with one, federal law.
Rep. Mary Bono Mack, chair of the subcommittee on commerce, manufacturing, and trade, said "Americans need additional safeguards to prevent identity theft, and I will soon introduce legislation designed to accomplish this goal."
Her bill will focus on three guiding principles: companies and entities that hold personal information must establish and maintain security policies to prevent the unauthorized acquisition of that data; information considered especially sensitive, such as credit card numbers, should have even more robust security safeguards; and consumers should be promptly informed when their personal information has been jeopardized.
In the Senate, John Kerry and John McCain have teamed up to introduce a bill that would provide Internet users with a commercial privacy bill of rights.
This post was made using the Auto Blogging Software from WebMagnates.org This line will not appear when posts are made after activating the software to full version.
No comments:
Post a Comment