Sony hacker u-turns on sale of breached data

By

Users in China and Taiwan impacted.

The hacker behind the recent attack and data breach on Sony has admitted that he is no longer selling the data which he seized last week.


In a statement, hacker 'NullCrew' claimed to have hit the electronics giant and posted information gained from its systems after taking control of eight servers.

It said that it had a list of usernames, email addresses, passwords and other information that appeared to be related to Sonymobile.com.

The statement, which is no longer on Pastebin, read: “Sony, we are dearly dissapointed [sic] in your security. This is just one of eight sony servers that we hve [sic] control of. Maybe, just maybe considering IP addresses are avaliable [sic]. Maybe, just maybe it's the fact that not even your customers can trust you. Or maybe, just maybe the fact that you can not [sic] do anything correct technologically."

The list included 441 usernames with additional email addresses, 24 usernames with hashed passwords and three admin data sets. In an email to SC Magazine, a spokesperson for 'Official Null', who revealed his name to be 'Jonah', said that it 'got the data using SQL Injection'.

He said: “Of course, the server was terribly insecure, so we shelled the Sony Mobile site using 'INTO OUTFILE'. Now we've managed to gain access to eight different servers since we only had shelled one.”

However he also revealed that that the group is no longer planning to sell the data. “I'm not selling anymore because I'll probably release more data (for example on PSN) in the future,” he said.

'Jonah' did not respond to further emails in regard to where the SQL Injection vulnerability was, whether this was targeted deliberately against Sony, or regarding any affiliation to other hacktivist groups or previous actions against Sony, which were prevalent last year.

Sony issued a statement confirming the hack saying that no credit card information was compromised in the attack and mostly users of its mobile unit in China and Taiwan were impacted. It also said it did not know the source of the attack.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
hackingsecuritysony

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?