It's undoubtedly been a week of mixed emotions at Sony. While the company managed to restore service to its PlayStation Network following an embarrassing, much-publicized cyberattack, it has reportedly suffered a new attack to SonyPictures.com.
Hacker group LulzSec has taken responsibility for the breach, claiming it has compromised more than 1 million user accounts and stolen personal information, including passwords, email addresses, home addresses, dates of birth and other Sony opt-in data. Additionally, the hacker group claimed it stole 75,000 music codes and 3.5 million music coupons.
As the group's press release suggests, the attack appears to be less about the information it stole than about exploiting how easy it is to break into Sony's systems. The hackers claimed to use a basic SQL injection, which gave it nearly unfettered access to the website.
What's more, LulzSec said all the information it accessed was unencrypted, stored in plaintext. The group claimed it could have stolen "every last bit of information," had it had more time.
"From a single injection, we accessed everything," LulzSec stated. "Why do you put such faith in a company that allows itself to become open to these simple attacks?"
The hacker group makes a valid point. While Sony took several steps to enhance its data security practices following the PSN breach, the cyberattacks keep coming. Since the PSN attack, data breaches have also reportedly been suffered by Sony BMG Greece, Sony Music Entertainment and So-net Entertainment, a Sony Corporation subsidiary.
The PSN attack alone is expected to cost Sony an estimated $171.1 million, not including impending legal fees. In its most recent financial report, Sony said it expects a net loss of $3.2 billion by the end of fiscal year 2012.