Reports matter to FBI
Sony Pictures Entertainment has said its forensic experts have confirmed that one or more of its websites had indeed been breached as claimed by hacking group LulzSec.
Last Thursday, hackers from LulzSec claimed that they had broken into SonyPictures.com and stolen email addresses and passwords of over a million users. The attacks were apparently meant to teach Sony a lesson.
LulzSec, which has also claimed responsibility for the hack of the Public Broadcasting Service (PBS) website, said that they used a "simple" attack on a "primitive" security hole to gain control of Sony Pictures database.
The group also posted the stolen information online where they are publicly accessible.
Lulz Security had said, "We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts."
"Due to a lack of resources on our part we were unable to fully copy all of this information," the group had said.
"In theory we could have taken every last bit of information, but it would have taken several more weeks."
The group had added that Sony was negligent with its data and stored it in unencrypted form.
"Why do you put such faith in a company that allows itself to become open to these simple attacks?" Lulz Security had asked.
In response, Sony Pictures had said that it is aware of the claims and is investigating the matter.
After a day, Sony confirmed the attack, adding that it is taking measures to prevent a recurrence.
Chairman and chief executive Michael Lynton and co-chairwoman Amy Pascal said in a joint statement, "We also retained a respected team of experts to conduct the forensic analysis of the attack."
The company said it had reported the breach to the Federal Bureau of Investigation as well.