This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Sony hacker u-turns on sale of breached data

Share this article:
Sony hacker u-turns on sale of breached data
Sony hacker u-turns on sale of breached data
The hacker behind the recent attack and data breach on Sony has admitted that he is no longer selling the data which he seized last week.

In a statement, hacker 'NullCrew' claimed to have hit the electronics giant and posted information gained from its systems after taking control of eight servers. It said that it had a list of usernames, email addresses, passwords and other information that appeared to be related to Sonymobile.com.

The statement, which is no longer on Pastebin, read: “Sony, we are dearly dissapointed [sic] in your security. This is just one of eight sony servers that we hve [sic] control of. Maybe, just maybe considering IP addresses are avaliable [sic]. Maybe, just maybe it's the fact that not even your customers can trust you. Or maybe, just maybe the fact that you can not [sic] do anything correct technologically."

The list included 441 usernames with additional email addresses, 24 usernames with hashed passwords and three admin data sets. In an email to SC Magazine, a spokesperson for 'Official Null', who revealed his name to be 'Jonah', said that it 'got the data using SQL Injection'.

He said: “Of course, the server was terribly insecure, so we shelled the Sony Mobile site using 'INTO OUTFILE'. Now we've managed to gain access to eight different servers since we only had shelled one.”

However he also revealed that that the group is no longer planning to sell the data. “I'm not selling anymore because I'll probably release more data (for example on PSN) in the future,” he said.

'Jonah' did not respond to further emails in regard to where the SQL Injection vulnerability was, however he did say that it did directly target Sony. Regarding affiliation to other hacktivist groups or previous actions against Sony, which were prevalent last year, he said it was not directly associated with Anonymous, however it did support most of their operations.

Sony issued a statement confirming the hack saying that no credit card information was compromised in the attack and mostly users of its mobile unit in China and Taiwan were impacted. It also said it did not know the source of the attack.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...