Sony Pictures comments on security breach but fails to actually apologize
For the first time since LulzSec claimed to have hacked into the Sony Pictures website on June 2nd and gaining access to usernames, passwords, email addresses, home addresses, dates of birth and other typical opt-in data, Sony Pictures admitted to and addressed the problem on their site yesterday. Except for one thing: they didn't apologize.
In their statement, they said, "On June 2, 2011, we learned we were the target of a cyberattack when a hacker claimed that he had recently broken into sonypictures.com." They didn't learn that they had been hacked from their own internal security measures, they only found out about the breach when the hackers publicly announced the hack.
"Approximately 37,500 people...may have had some personally identifiable information stolen during the recent attack." 37,500? We'll get to that number in a second... They continue, "We believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes: name, address, email address, telephone number, gender, date of birth, and website password and user name." One or more? LulzSec posted a .rar file on their site that was publicly downloadable and contained user info for 50,000 accounts, already more than the 37,500 Sony is quoting and Lulz claims this is just a fraction of compromised information.
Sony's statement seems to make a particular point of noting that "the stolen information did not include, any credit card information, social security numbers or driver license numbers" and provides multiple links to protect against credit card fraud. But they neglect to make any real mention of how damaging it can be to have your name, address, username and password out in the wild. Many people use the same username and password across multiple sites and this information, while not directly connected to credit card theft, could be used to log in to credit card sites, e-mail accounts and other sensitive information.
For what it's worth, Sony thanks you for your patience as they work to resolve this "inconvenience." Yes, an inconvenience. The second time in as many months that Sony users have been inconvenienced by a simple lack of security on their network. And at the end of the day, not a single apology. No, "we're sorry," or "we'll make this right" or even a half-hearted "our bad!" Anthony Weiner was more penitent and all he did was send a picture of his junk to someone over Twitter.
It's pretty shameful that Sony has been so slow to respond publicly during both hacks and have barely taken any accountability during the affair (the personal information of their users were stored in an unencrypted text file!).