Sony has managed it again. Remember this?
We recently broke into SonyPictures.com and compromised over 1,000,000 users personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 “music codes” and 3.5 million “music coupons”.
What’s worse is that every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.
Really, Sony? Having unbreachable security is a matter of expertise. But saving passwords and other sensitive data in plain text, without any encryption? The last time this happened, a little over a month ago, I was a little defensive towards Sony: after all, website hacks can and do occur sometimes.
But now I take that back. Sony IT is plain stupid.
Link via Lessien.