It looks like Sony Pictures is the latest company under the Sony umbrella to be the victim of a data breach. Lulzsec, the hacking group that made headlines recently for injecting itself onto the PBS front page and pronouncing Tupac Shakur to be alive and in hiding, has announced that it has "compromised over 1,000,000 users' personal information," which reportedly included unencrypted passwords and lots of personal information. Lulzsec claims to have used "a very simple SQL injection" in its attack. Wording in each file also implies that this data came specifically from sweepstakes.
Unlike the PlayStation Network breach, however, Lulzsec has released samples of its findings. And to be clear, that includes about 39,000 email / password combinations and 12,500 more with email, password, homes addresses, and dates of birth. About 600 usernames, emails, and passwords were also nabbed from Sony BMG Netherlands. We're still going through those files, but so far it doesn't look good. We've reached out to Sony Pictures for comment.
Update: Sony Pictures Entertainment has released the following statement from EVP of Global Communications Jim Kennedy: "We are looking into these claims." We've actually called several of the numbers listed in published files, and so far they line up with the associated names and addresses.