More than 100,000,000, yes that’s one hundred million, email addresses and passwords have been stolen over the past two and a half months. That makes 2011 one of the worst years in recent memory for the large-scale theft of email and password information. It is likely to lead to substantial financial problems for people around the world.
Here’s What Happened
Sony PlayStation Flubs Up
In April of this year, 77 million customer records were stolen via the PlayStation Network Intrusion. This intrusion was so bad that Sony had to shut down and then re-engineer major components of its money-making online gaming system. It’s been alleged that credit card information, and more, was stolen from Sony.
Sony Online Entertainment Hacked
Then came May 2nd of this year. Now Sony Online Entertainment was hacked and ultimately 25 Million customer records were stolen, including more than 12,000 foreign credit card numbers.
Count: 25 Million Email Addresses, Passwords, names and as many as 25 Million Credit Card Numbers
Sony BMG Greece Falls
Although a comparatively spartan theft, Sony BMG Greece lost some 8,500 email addresses and password hashes. Now the password hashes are not necessarily a big deal, as they usually cannot be used to break into your account on another machine, but… come on, Sony!
Count: 8,500 Email Addresses
I’m not a Sony hater; in fact, I love some of the technology they’ve introduced over the years, but come on! Even I’m starting to notice a pattern here.
The next day, hack number 16 for Sony. Sony Ericsson Canada lost email addresses and passwords, and that information was posted on pastebin. Quoting Sophos:
“The attacker claims that he used standard SQL injection techniques to acquire the database. I think it is fair to say it appears that Sony has not learned anything from the previous 12 attacks.
“SQL injection flaw? Check. Plain text passwords? Check. People’s personally identifiable information totally unprotected? Check.
“Idahc is the same attacker who targeted the Canadian Sony Ericsson site in May, 2011. In his note on pastebin he states: “I was Bored and I play the game of the year : ‘hacker vs Sony’.” He posted the link to pastebin with the simple note “Sony Hacked: pastebin.com/OMITTED lol.”
I guess the good-ish news here is that if you were one of those whose information was compromised you can rest assured that Sony has already attempted to contact you.
Count: Hundreds of accounts’ information
It continues on June 2nd, when LulzSec claims it stole more than 1 Million User Names, Passwords, Email Addresses and personal information from the SonyPictures.com web site. Turns out that none of the information was encrypted and it was all in plain text, ready for use.
Count: 1+ Million User Names, Passwords, Email Addresses and more.
Even though Sony’s been hit hard this year, they’re not the only ones with hacker problems.
Acer Europe has apparently fallen prey to the Pakistan Cyber Army, which has claimed that it stole 40,000 records from their database which include customer names, physical addresses, phone numbers and email addresses.
What to Do?
You can check to see if your information was compromised. Unfortunately, we don’t have a full list of the accounts which were compromised, nor details about all of the information which was stolen.
If you’ve ever logged into the SonyPictures.com website it’s time to change your password. It’s been compromised.