Two days ago, hacking group “NullCrew” announced on their twitter that they have hacked into Sony’s owned website sonymobile.com, and that they have gained control of a total of 8 servers operated by Sony. The initial announcement by NullCrew, “Interested in buying database access for one of Sony’s sites? Email me:…“ was quickly followed by a “Sony hacked” message as well as a link to a pastebin showing what the hackers say are a series of usernames and passwords stored in the sonymobile platform.
The information has been relayed by enough trusted people that this does not seem to be a fake (unlike some similar announcement made a few weeks ago), however the reasons behind the hack are quite unclear. Hacking group Nullcrew were involved in several hacking operations related to the arrest of one of the PirateBay’s admins recently, but the Sony hack does not really seem related. Rather, the hackers seemed to imply that this is just some form of punishment because of Sony’s lack of concern for the security of their servers. Quoting:
“Sony, we are dearly dissapointed in your security. This is just one of eight sony servers that we hve control of. Maybe, just maybe considering IP addresses are avaliable. Maybe, just maybe it’s the fact that not even your customers can trust you. Or maybe, just maybe the fact that you can not do anything correct technologically.”
It is not really surprising that Sony is the target of many hackers. Not only, as a global engineering company, are they a “high class” target, they also made lots of enemies a year and a half ago, when they decided to sue George Hotz for his jailbreak of the PS3. That led to them being massively hacked last year, leaking private information about millions of their customers.
What’s surprising, on the other hand, is that they still have heavily vulnerable websites lying around (according to some of NullCrew’s members, the hack was not “that difficult”), despite the bad hack that happened last year. In a way, it seems to be the main reason these hackers went after Sony, to show publicly that this company does not seem to care at all about their customers’ privacy, even after being so dramatically reminded of the importance of securing their systems, last year.