Sony Pictures attacked again, 4.5 million records exposed

[security curmudgeon <jericho () attrition org>]

http://nakedsecurity.sophos.com/2011/06/02/sony-pictures-attacked-again-4-5-million-records-exposed/

Sony Pictures attacked again, 4.5 million records exposed
by Chester Wisniewski on June 2, 2011

The same hackers who recently attacked PBS.org have turned their attention 
back to Sony by releasing the latest dump of information stolen from 
Sony's websites.

While the information disclosed includes approximately 150,000 records, 
the hackers claim the databases exposed contain over 4.5 million records, 
at least a million of which include user information.

The data stolen includes:

     * A link to a vulnerable sonypictures.com webpage.
     * 12,500 users related to Auto Trader (Contest entrants?) including 
birth dates, addresses, email addresses, full names, plain text passwords, 
user IDs and phone numbers.
     * 21,000 IDs associated with a DB table labeled "BEAUTY_USERS" 
including email addresses and plain text passwords.
     * ~20,000 Sony Music coupons (out of 3.5 million in the DB).
     * Just under 18,000 emails and plain text passwords from a Seinfeld 
"Del Boca" sweepstakes.
     * Over 65,000 Sony Music codes.
     * Several other tables including those from Sony BMG in The 
Netherlands and Belgium.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/