Jun 20, 2011 09:43 GMT  ·  By

Two hackers claim to have found an SQL injection vulnerability on www.sonypictures.fr which gave them access to its underlying database.

The hackers who go by the online handles of Idahc and Auth3ntiq, claim to be from Lebanon and France, respectively.

In support of their claim they released screenshots showing the sonypictures.fr vulnerability being exploited, as well as a partial list of emails extracted from the database.

"We will not publish all the database and we didn't upload a shell [...]. We are not black hats," wrote the two hackers who. According to their announcement, there were 177,172 in the stolen database.

A list of system accounts together with hashed passwords was also extracted because the load_file MySQL function wasn't disabled on the system.

This is the fourth Sony web property that Idahc has broken into as part of a larger hacking campaign that aims to shame the Japanese electronics giant and media conglomerate. The hacker previously stated that he does this for fun.

Two weeks ago he leaked 343 email addresses stolen from the Sony Music Portugal website, while at the beginning of the month he hacked into Sony Europe. Idahc's most serious Sony hack to date involved the Canadian Sony Ericsson e-store, from where, according to him, he could have extracted credit card numbers.

Sony's problems with hackers stem from its legal crackdown against people involved in hacking the PlayStation 3 (PS3) gaming console. The most prominent case was that of reputed hardware hacker George Hotz, geohot, who eventually settled with the company.

It's estimated that the Sony compromises, including the PlayStation Network one, affected over 100 million people worldwide and resulted in the company's shares dropping in value. Its new image as a company that cannot be trusted with personal data is probably going to haunt Sony for a long time.