This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/go/rss/int/news/-/news/business-13636704

The article has changed 7 times. There is an RSS feed of changes available.

Version 5 Version 6
Sony network attacked again, hackers claim Sony investigating another hack
(about 4 hours later)
  
A hacker group has claimed it has attacked the Sony network and stolen more than one million passwords, e-mail addresses and other information. Sony is investigating another hacking attack on one of its websites.
Lulz Security said it had broken into servers that run SonyPictures.com. A group called Lulz Security claims to have broken into Sonypictures.com and accessed details of a million users.
The Japanese electronics giant said it was aware of Lulz Security's statement and was investigating the claims. Passwords, home addresses and other personal information relating to several thousand of the accounts was released online.
Sony had to apologise in April after its PlayStation Network was attacked and hackers stole data from more than 77 million accounts. It is the third major hack to hit Sony since April when the PlayStation Network was targeted and the details of 77 million users compromised.
That attack was considered the biggest in internet history and led to Sony shutting down the PlayStation Network and other services for almost a month. Details of the latest attack were made available on the recently created href="http://lulzsecurity.com/" title="Lulz Security" >Lulz Security website
The company has estimated the data breach will result in a $170m (£104m) hit to its operating profit. A LulSec press release said: "SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.
Since then, Sony's networks have become targets for hackers and the company has confirmed at least four other break-ins prior to the claimed attack on Sony Pictures. "From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
Lulz Security claims to be behind one of those attacks, an assault on Sony Music Japan. Unprotected text
The latest alleged attack will come as a blow to the Japanese firm, 24 hours after it announced the PlayStation Network would be fully restored in the US and Europe, and said it had beefed up its security systems. SQL attacks are generally regarded as one of the more straightforward ways of gaining unauthorised access to a website.
'Asking for it' Typically, an attacker will attempt to bypass the username and password system by sending code or characters that confuse the site's programming.
In a statement on Thursday, Lulz Security said it had hacked into a database that included unencrypted passwords as well as names, addresses and dates of birth of Sony customers. The release also claims that user information on Sonypictures.com was stored in unencrypted, plain text format.
"From a single injection, we accessed EVERYTHING," it said. "Why do you put such faith in a company that allows itself to become open to these simple attacks? LulSec explained that it was unable to make the entire user database available, however it released a portion of it, totalling roughly 50,000 users.
"What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plain text, which means it's just a matter of taking it. Sony has yet to respond to the claims, but said in a tweet: "We are looking into the claims about reports of attacks on Sony Pictures websites. Please follow us for latest updates."
"This is disgraceful and insecure: they were asking for it." Mikko Hypponen, chief research officer at security firm F-Secure, said that another Sony breach had been almost inevitable.
The group also recently claimed responsibility for hacking the website of the PBS network and posting a fake story in protest at a news programme about WikiLeaks. "I'm not surprised by anything about Sony anymore," he told BBC News.
"It will be hard for a company of that size to make sure they are secure if someone wants to go and find holes."
Mr Hypponen said that Sony had become a preferred target of hackers because of the company's long history of vigorously defending its intellectual property.
Most recently, it took legal action against a US hacker, George Hotz, who claimed to have cracked elements of the PlayStation's security.
"That was the turning point. But it is easy to hate Sony, starting with the CD rootkit in 2005," said Mr Hypponen, referring to an earlier scandal that erupted when it was discovered that some Sony music CDs had secretly installed copy protection software on users' computers.
Mystery hackers
Little is known about the LulSec group, although they have claimed responsibility for recent attacks on several websites in the USA - Fox, PBS and XFactor.
It is understood to be a separate organisation from Anonymous, the "hacker collective" which has been linked to a number of high profile web attacks including several on Sony sites.
The latest attack has, once again, raised questions about the strength of security employed by Sony and other companies holding sensitive user data.
Much of the information taken in the Sony hacks was unencrypted and easily readable.
Mike Smart from cryptography specialists Safenet said that many companies were only applying their highest security protocols to data such as credit card numbers.
He explained that other "social" information was often given minimal protection.
"People can get through the front door. Now we have got to the stage that we need to lock the inside doors and put our documents in a safe.