Codemasters website hacked, ‘tens of thousands’ of personal accounts compromised

This must be the season of the hacking witch as we’ve now seen yet another company’s online security walls breached. Independent UK games developer Codemasters, responsible for titles like Dirt 3 and Overlord, has reported that its website was hacked on the third of June, exposing the names, addresses (both physical and email), birthdays, phone numbers, Xbox gamer tags, biographies, and passwords of its registered users. Payment information wasn’t compromised, but when you consider that almost everything else was, that feels like hollow consolation. For its part, Codemasters says it took the website offline as soon as the breach was detected and a subsequent investigation has revealed the number of affected users to be in the tens of thousands. Those who might have been affected directly are being emailed with penitent apologies, while the rest of us are being pointed to the company’s Facebook page while its web portal is kept offline.

Codemasters website hacked, ‘tens of thousands’ of personal accounts compromised originally appeared on Engadget on Mon, 13 Jun 2011 04:03:00 EDT.

Source: BBC

Sony Pictures breach affects 37,500 users, far less than Lulz Security claimed

Well, Lulz Sec may have overstated its level of success by declaring it had stolen 1,000,000 passwords from Sony Pictures — turns out the number is closer to 37,500. Now granted, any breach of user data is unacceptable, but when a hacker collective’s haul is less than four percent of what it claimed, everyone can breathe a little easier. The troublemakers may have made off with email addresses, phone numbers, and passwords, but Sony says no credit card or social security numbers were compromised. The company issued a statement, which you’ll find after the break, and is working with the FBI to track down those responsible. Hopefully this finally closes the door on Sony’s security woes, and we can go back to bringing you stories about Angry Birds ports and Kinect hacks.

Sony Pictures breach affects 37,500 users, far less than Lulz Security claimed originally appeared on Engadget on Thu, 09 Jun 2011 02:39:00 EDT.

Sony Pictures hacked by Lulz Security, 1,000,000 passwords claimed stolen

Oh, Sony — not again. We’ve just received numerous tips that Lulz Security has broken into SonyPictures.com, where it claims to have stolen the personal information of over 1,000,000 users — all stored (disgracefully) in plain text format. Lulz claims the heist was performed with a simple SQL injection — just like we saw the last time around. A portion of the group’s exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. We’ve downloaded this file (at our own risk, mind you) and can verify these sensitive bits are now in the wild, though it remains unclear if what’s published matches reality. In addition to user information, the group has blurted out over 20,000 Sony music coupons, and the admin database (including email addresses and passwords) for BMG Belgium employees. Fresh off the heels of the PlayStation Network restoration, we’re guessing the fine folks in Sony’s IT department are now surviving solely on adrenaline shots.

[Thanks to everyone that sent this in]

Sony Pictures hacked by Lulz Security, 1,000,000 passwords claimed stolen originally appeared on Engadget on Thu, 02 Jun 2011 17:47:00 EDT.

Source: Lulz Security (1), (2)

FaceNiff makes Facebook hacking a portable, one-tap affair (video)

Remember Firesheep? Well, the cookie-snatching Firefox extension now has a more portable cousin called FaceNiff. This Android app listens in on WiFi networks (even ones encrypted with WEP, WPA, or WPA2) and lets you hop on to the accounts of anyone sharing the wireless connection with you. Right now it works with Facebook, Twitter, YouTube, and Nasza-Klasa (a Polish Facebook clone), but developer Bartosz Ponurkiewicz promises more are coming. You’ll need to be rooted to run FaceNiff — luckily, we had such a device lying around and gave the tap-to-hack app a try. Within 30 seconds it identified the Facebook account we had open on our laptop and had us posting updates from the phone. At least with Firesheep you had to sit down and open up a laptop; now you can hijack Twitter profiles as you stroll by Starbucks and it’ll just look like you’re sending a text message (but you wouldn’t do that… would you?). One more image and a video are after the break.

FaceNiff makes Facebook hacking a portable, one-tap affair (video) originally appeared on Engadget on Thu, 02 Jun 2011 02:28:00 EDT.

Source: FaceNiff

Pentagon says cyber attacks are acts of war: send us a worm, get a missile in return?

Well, the Pentagon is finally fed up with hackers picking on its buddies and foreign intelligence taking shots at its computer systems, and has decided that such cyber attacks can constitute an act of war. Of course, the powers that be won’t be bombing you for simply sending them some spyware, but attempts to sabotage US infrastructure (power grids, public transit, and the like) may be met with heavy artillery. It’s unclear how our government will identify the origin of an attack or decide when it’s serious enough to start shooting, but Uncle Sam is looking to its allies to help create a consensus answer for those questions. The retaliatory revelation is a part of the Pentagon’s new cyber strategy that’ll be made public in June — so saboteurs beware, your next internet incursion might get you an ICBM in your backyard.

Pentagon says cyber attacks are acts of war: send us a worm, get a missile in return? originally appeared on Engadget on Tue, 31 May 2011 14:43:00 EDT.

Source: Wall Street Journal

RSA SecurID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised)


RSA SecurID dongles add a layer of protection to everything from office pilates class schedules to corporate email accounts, with banks, tech companies, and even U.S. defense contractors using hardware security tokens to protect their networks. Following a breach at RSA in March, however, the company urged clients to boost other security methods, such as passwords and PIN codes, theoretically protecting networks from hackers that may have gained the ability to duplicate those critical SecurIDs. Now, Lockheed Martin is claiming that its network has come under attack, prompting RSA to issue 90,000 replacement tokens to Lockheed employees. The DoD contractor isn’t detailing what data hackers may have accessed, but a SecurID bypass should clearly be taken very seriously, especially when that little keychain dongle is helping to protect our national security. If last month’s Sony breach didn’t already convince you to beef up your own computer security, now might be a good time to swap in ‘Pa55werD1’ for the rather pathetic ‘password’ you’ve been using to protect your own company’s trade secrets for the last decade.

[Thanks to everyone who sent this in]

Update: According to Reuters, Lockheed Martin sent out a statement to clarify that it promptly took action to thwart the attack one week ago, and consequently “no customer, program or employee personal data has been compromised.” Phew! [Thanks, JD]

RSA SecurID hackers may have accessed Lockheed Martin trade secrets, cafeteria menus (update: no data compromised) originally appeared on Engadget on Sun, 29 May 2011 11:04:00 EDT.

Boing Boing | Source: Wall Street Journal

Sony makes good, doles out identity protection activation codes for PSN and Qriocity users

Still feeling burned by Sony’s record-breaking PlayStation Network outage? Fret not, promised reparations have arrived: a short form on the PlayStation website is now distributing activation codes for a free year of Debix AllClear ID Plus identity theft protection. The offer is good for all US PSN and Qriocity account holders who activate before June 28th, netting users up to $1 million in identity theft insurance coverage. Feel better? Hit the source link below to get your redemption code.

Sony makes good, doles out identity protection activation codes for PSN and Qriocity users originally appeared on Engadget on Thu, 26 May 2011 00:43:00 EDT.

Joystiq | Source: Sony

Sony BMG Greece hacked, company’s security woes continue

It’s the security nightmare that just won’t end, and right now there’s got to be plenty of Sony executives beginning to wish someone would pinch them already. After taking quite a PR and financial beating over the PSN breach, now the Greek site of Sony BMG has been hacked and the account info of thousands of users has been posted online. According to the Sophos blog Naked Security, the attack does not appear to have been particularly sophisticated and was carried out using an automated SQL injection tool that demands more patience than skill. While the data dump reveals the usernames, real names, and email addresses of registered SonyMusic.gr customers, other fields (including passwords and telephone numbers) are either empty or contain fake data — suggesting the hack was not entirely successful. Here’s hoping Sony takes this as an opportunity to seriously batten down those security hatches.

Sony BMG Greece hacked, company’s security woes continue originally appeared on Engadget on Mon, 23 May 2011 15:41:00 EDT.

Source: Naked Security

PSN logins exploited again, Sony takes pages offline

This isn’t as bad as it could have been — Sony’s PSN hasn’t exactly been hacked again — but what can only be described as a glaring oversight looks to have forced the company into hastily switching off PSN logins on its websites. The issue? If you legitimately forget your password and need to reset it, previously all you had to do was type in your e-mail address and date of birth, then choose a delightfully cunning new password. Sounds good? The problem is that if you were a PSN member before the hack then both your e-mail address and your date of birth (plus a lot of other frightening stuff) are known to the hackers. So, whoever has the millions of rows of data that were exposed could, in theory, re-exploit any account. Sony was made aware of the issue and those pages are now offline again, which should make the Japanese government feel just a little bit smug.

Update: Sony has confirmed that there was “a URL exploit that we have subsequently fixed.” However, the company indicates there was “no hack involved.” So, remember kiddies: exploits are not hacks — not until someone starts having fun with them, anyway.
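The reset weakness described above, as an added example (not Sony's code and not from the original post): a reset check that accepts e-mail address plus date of birth, beside one that requires a single-use, expiring token delivered to the account's mailbox. All function names, the sample account and the "leaked" record are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample account store; not real data.
ACCOUNTS = {"alice@example.com": {"dob": "1990-04-01", "password": "old"}}
# Constructed stand-in for a record exposed in an earlier breach.
LEAKED = {"email": "alice@example.com", "dob": "1990-04-01"}
_pending = {}    # email -> (sha256 hex digest of token, expiry timestamp)
TOKEN_TTL = 900  # token lifetime in seconds (assumed value)


def reset_with_dob(email, dob, new_password):
    """Weak flow from the article: every input is present in the leaked data."""
    acct = ACCOUNTS.get(email)
    if acct is None or acct["dob"] != dob:
        return False
    acct["password"] = new_password
    return True


def request_reset(email, now=None):
    """Hardened flow, step 1: issue a random single-use token.
    The return value stands in for the e-mail sent to the mailbox owner."""
    if email not in ACCOUNTS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[email] = (hashlib.sha256(token.encode()).hexdigest(), now + TOKEN_TTL)
    return token


def reset_with_token(email, token, new_password, now=None):
    """Hardened flow, step 2: require the mailed token, once, before expiry."""
    now = time.time() if now is None else now
    entry = _pending.pop(email, None)  # any attempt consumes the pending token
    if entry is None:
        return False
    digest, expiry = entry
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if now > expiry or not hmac.compare_digest(digest, supplied):
        return False
    ACCOUNTS[email]["password"] = new_password
    return True
```

With the constructed record, `reset_with_dob` succeeds using nothing but leaked fields, while `reset_with_token` rejects the same caller because the token never appears in the exposed data.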

PSN logins exploited again, Sony takes pages offline originally appeared on Engadget on Wed, 18 May 2011 10:12:00 EDT.

MCV | Source: Nyleveia