Not a pretty picture
Sony's internal review of its security seemingly isn't being carried out fast enough, as yet another attack - this time against SonyPictures.com - has led to the leak of over one million records, including names, addresses, email addresses, phone numbers and unencrypted passwords.
A group calling itself LulzSecurity went a step further than simply claiming to have stolen user account data from Sony's website by posting around 50,000 records on its website. Executive vice president of global communications for Sony Pictures Entertainment, Jim Kennedy, said that Sony is "looking into these claims."
However, although it's impossible to say for sure whether the attackers gained as many accounts as they claim, at least the released records appear to be genuine. The Associated Press took the liberty of phoning a few of the numbers released by 'LulzSec' and verified that the personal data listed for those people was accurate.
LulzSec also claims to have accessed passwords for Sony BMG employees in Belgium, and says it has acquired over 20,000 coupons for Sony music. That information is less easy to verify, but given the accuracy of the stolen user data, and the apparent propensity for Sony not to safeguard its data particularly well, it would almost be more surprising if LulzSec hadn't acquired the data it says it has.
Having already lost a predicted £100m as a result of the PSN breach, Sony is already taking steps to ensure an epidemic of breaches like this doesn't occur again. The message for now, though, seems to be that if you've ever handed Sony any personal data you should expect it to be made public by a hacker at some point.