Sony Pictures warns its customers about spear phishing
Following last week’s breach executed by LulzSec, Sony Pictures has finally issued a consumer alert and seems also to have sent it to the addresses of approximately 37,500 people whose personal information has been stolen during the attack.
They say that they have engaged outside experts to investigate the matter and to collect and analyze forensic clues, as well as having contacted the FBI and apprised it of the situation.
“We believe that one or more unauthorized persons may have obtained some or all of the following information that you may have provided to us in connection with certain promotions or sweepstakes: name, address, email address, telephone number, gender, date of birth, and website password and user name,” says in the alert.
The compromised information can easily be used for spear phishing attacks against the users, tricking them into revealing further information such as social security numbers or credit card information. The company thus warns the users to be extra careful and not to give out such information even when it seems that Sony Pictures Entertainment is the one asking.
“When our website features are fully restored, we strongly recommend that you log on and change your password,” they add. “If you use your Sony Pictures website user name or password for other unrelated services or accounts, we strongly recommend that you change them there, as well.”