"We recently broke into Sonypicture.com and compromised over 1,000,000 users’ accounts, personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts," the group said in a blog.
LulzSec says the group used SQL injection to prove the weaknesses in Sony's defenses. "Why do you put such faith in a company that allows itself to become open to these simple attacks?" the blog asks. The data was not encrypted, according to the group.
Sony has not yet commented on the post. If it proves to be true, the hack will be among several that have been perpetrated on the company during the past month.
LulzSec is calling its anti-Sony campaign "Sownage" and is describing its efforts on Twitter. The stolen data was posted for a time, but the site that supported the data was taken down, according to the group. Sonypictures.com is still operational.
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.