Sony Pictures and Sony BMG hacked, 1 million user's details stolen

A few days ago, a hacker group known as "LulzSec" claimed that they would launch a huge attack against Sony. It appears this group was true to their word as they have just released a large cache of data that was stolen from Sony Pictures and Sony BMG.

In what they are calling "Sownage", LulzSec claim that the whole hack was done via a very simple SQL injection, which gave them complete access to private data from over 1 million users. The data includes everything from email addresses and passwords to home addresses and dates of birth. Additionally, this data was apparently not encrypted and has since been uploaded to various file sharing websites and torrents.

Greetings folks. We're LulzSec, and welcome to Sownage. Enclosed you will
find various collections of data stolen from internal Sony networks and websites,
all of which we accessed easily and without the need for outside support or money.
 
We recently broke into SonyPictures.com and compromised over 1,000,000 users'
personal information, including passwords, email addresses, home addresses,
dates of birth, and all Sony opt-in data associated with their accounts.
Among other things, we also compromised all admin details of Sony Pictures
(including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

This is yet more bad news for Sony, who have been suffering numerous data breaches lately, the most notable of which being the PSN attack which occurred in April of this year. Not all of the one million customer details have been leaked online, however a considerable amount has been released. The details of the hack have also been released and at the time of writing, it is still open, meaning additional customer details could be taken at any time.
 
Contents of our plunder:

## Sony_Pictures_International_AUTOTRADER_USERS.txt ##
-- In this file you will find just under 12,500 customers of Sony;
this includes dates of birth, addresses, emails, full names,
passwords, user IDs, and personal phone numbers.

## Sony_Pictures_International_BEAUTY_USERS.txt ##
-- In this file you will find just under 21,000 customers of Sony;
this is a simple email/password drop. Enjoy your account stealing.

## Sony_Pictures_International_COUPONS.txt ##
-- In this file you will find just under 20,000 Sony music coupons;
please note that there are 3.5 million coupons to take - get 'em.

## Sony_Pictures_International_DELBOCA_USERS.txt ##
-- In this file you will find just under 18,000 customers of Sony;
this is a simple email/password drop. Again, enjoy your stealing.

## Sony_Pictures_International_MUSIC_CODES.txt ##
-- In this file you will find just under 67,000 Sony music codes;
they're like magnets, we simply have no idea how they work.

## Sony_Pictures_International_TABLE_LAYOUT.txt ##
-- In this file you will find the layout of the database;
that means you can easily see where to steal things from.

Note that the database contains far more user information/coupons
than we took. The point is that we had control of them; all of them.
We leave the rest up to you - steal as much as you want, go forth!

ADDITIONAL OWNAGE:

## Sony_BMG_Music_Entertainment_NETHERLANDS ##
-- This file contains the user database of BMG Netherlands;
it's around 600 usernames, emails, and passwords. Enjoy.

## Sony_BMG_Music_Entertainment_BELGIUM ##
-- This file contains the Sony admin database of BMG Belgium;
also lots of barcodes, release dates, and other juicy ***.

If you have an account with any of Sony's Pictures of BMG websites, it is strongly advisable to change your password immediately, however note that Sony will likely take down the sites soon, much like they did when the PlayStation Network was compromised.

Report a problem with article
Previous Story

GoG.com announces the addition of classic EA games to DRM-free site

Next Story

Nintendo 3DS to get access to 25,000 free WiFI hotspots in US

88 Comments

Commenting is disabled on this article.

Sony brought this on themselves and I for one tho not a hacker am glad. Sony misused their power by taking away a featire of the hardware which many found useful for no reason whatsoever. I hope the suffer from now and until they get out the video game business.

This really goes to show this, this proves that no matter how much money and power you have, someone can bring you to your knees.
I hope they hack Sony totally out of business. at least in this market. I would say, the hackers should tell Sony, either you find a way to have Sony present services usable by all customers and restore the original features to our consoles, refusing to do so means we hack you indefinitely. That si what they should do. and if I had $1M I would send it to this group to show my support of them.

I am sure Sony is trying to find the groups responsible. But they may not want to haul them to court. That si what started this in the first place. They need to make peace or they will continue to have this issue. Hackers are a group that is very powerful and simply unstoppable. Sony should know this.

tester.br said,
$ony = FAIL of the history

HURR DURR YOU'RE SO FUNNY. I see what you did there, putting a $ sign instead of the S, how insanely clever and unique.

That bit of immaturity aside, I have two questions for you.
1. Do you REALLY think this is the fail of history out of any tech related debacle out there?
2. What the hell does money have to do with this? This wasn't done to get revenge on Sony's "greed", it was done by a bunch of 16 year old kids who just wanted free stuff (in the form of accounts/music/products/games)

I'm getting tired of this self-righteous hacker crusade. You are hurting the consumers more than Sony and aren't winning anyone over. I can't wait until they get what's coming to them.

ambiance said,
I'm getting tired of this self-righteous hacker crusade. You are hurting the consumers more than Sony and aren't winning anyone over. I can't wait until they get what's coming to them.
They're winning over anyone who's thinking straight. The customers made a choice to support a company that was corrupt a long time ago.

ambiance said,
I'm getting tired of this self-righteous hacker crusade. You are hurting the consumers more than Sony and aren't winning anyone over. I can't wait until they get what's coming to them.

the PSN hack alone cost them $175 million, and that's before the cost of credit security and lawsuits.

hotdog963al said,
"simple SQL injection", "not encrypted".
No excuse for this, absolutely none.

I know. The work experience tea-boy could have doe this. I would urge everyone to change your passwords while you can, change debit/credit cards and move your custom elsewhere. The whole world seems to be learning lessons from this except soy themselves

Shadowzz said,

He who laughs last, will laugh the hardest.
With all the money Sony is losing because of this, not to mention all of the damage to their brand as a whole, I don't think they'll be laughing any time soon.
Someone should be fired for this and lessons should be learnt, though I doubt that will actually happen.

1) Fail on their part for not encrypting data.
2) Cool "lulzsec" you hacked another Sony thing, feel better? It was funny at first, now it is OLD.
3) None of this is SONY's customers' fault - why release their data? Just say "yupp we got it".

Alladaskill17 said,
1) Fail on their part for not encrypting data.
2) Cool "lulzsec" you hacked another Sony thing, feel better? It was funny at first, now it is OLD.
3) None of this is SONY's customers' fault - why release their data? Just say "yupp we got it".

^this.
they got what they wanted already. Only thing they're doing is enlarging their e-penor.
They will brag about it, and if Sony is a little smart, they went to the law officials. Then they'll just get caught sooner or later.
They somehow forget that there are just a few countries save for Sony's wrath... and those barely got internet. Sony has offices around the globe
Plus they have the money and time to spend hunting them down. They've hunted people down for less.

Alladaskill17 said,
1) Fail on their part for not encrypting data.
2) Cool "lulzsec" you hacked another Sony thing, feel better? It was funny at first, now it is OLD.
3) None of this is SONY's customers' fault - why release their data? Just say "yupp we got it".
He's not trying to be funny.

And it IS the customers' fault for supporting a company that they could have known a long time ago was corrupt.

Beaux said,
He's not trying to be funny.

And it IS the customers' fault for supporting a company that they could have known a long time ago was corrupt.

Do tell me how these customers knew this would happen, because I'm very interested to know how someone could say something so braindead and stupid.

This affects all of us regardless if we have an account with Sony. Our tax dollars are paying for politicians to make new laws, FBI, and to send our military in to get the hacker. This is costing all of us. Granted Sony should be paying for all of the expenses but they are not.

I don't have a PlayStation so I was not worried but now that I think about it I bought a laptop and registered product registration. I guess I am exposed too. Time to change my account info and wipe it clean. Hopefully its not too late.

BillyJack said,
This affects all of us regardless if we have an account with Sony. Our tax dollars are paying for politicians to make new laws, FBI, and to send our military in to get the hacker. This is costing all of us. Granted Sony should be paying for all of the expenses but they are not.
Don't we deserve it if the politicians react like that? We voted them in.

The policians should be making Sony pay for every last effect of this, including the salaries of the politicians while they work to solve any related problems.

But this won't happen, because the politicians don't work for the people. They work for the corporations.

Edited by Beaux, Jun 3 2011, 3:24am :

millions of users account details, along with passwords.
The same passwords they use for Hotmail/Gmail which posses a massive security risk.
not good.

barteh said,
millions of users account details, along with passwords.
The same passwords they use for Hotmail/Gmail which posses a massive security risk.
not good.
Natural Selection.
Anyone who uses the same password mail that they do on any websites gets what they deserve.. Ideally you should have a password per site.. or at minimum you should have a few "levels" of passwords, unique for mail, bank, etc, then a few common ones for different sites that if breached won't open up everything.

At this point all the blame goes directly to Sony after all the PSN issues and clear direct warnings from hackers to still have security hole this wide open should be a crime and people at Sony should have to answer for their blatant incompetence with our personal data.

Sony should be banned from collecting personal data from people after all this crap.

swanlee said,
At this point all the blame goes directly to Sony after all the PSN issues and clear direct warnings from hackers to still have security hole this wide open should be a crime and people at Sony should have to answer for their blatant incompetence with our personal data.

Sony should be banned from collecting personal data from people after all this crap.

Ya because it's easy to check every one of their thousands of websites, most of which probably not even under their control but run by third parties, for any issues..

Only difference between Sony and every other site you deal with on a daily basis is that Sony has had the bad press.. It's all those other sites you think are secure that are gonna screw you over..

burhan9k said,
Time to get a PC!!

FTFY. They don't even need you to pay for, nor sign up to an online gaming service. You know, you can just play for free... Unless it's an MMO, in which case they tend to be battle hardened by stuff like this...

d4v1d05 said,

FTFY. They don't even need you to pay for, nor sign up to an online gaming service. You know, you can just play for free... Unless it's an MMO, in which case they tend to be battle hardened by stuff like this...

PC gaming is great but you missed out the fact that many games come riddled with DRM and get released months/years after console releases.

d4v1d05 said,

FTFY. They don't even need you to pay for, nor sign up to an online gaming service. You know, you can just play for free... Unless it's an MMO, in which case they tend to be battle hardened by stuff like this...

Yeah, you know, because there's nothing else involved with the internet other than you playing on some server when it comes to PC games, right?

DRM, In-Game signups to stat track, BattleNet, etc etc. Your PC is not invulnerable. The 360 is far closer to being so than that, the money we pay for Live actually does go somewhere, not just into the pockets of Microsoft's employees, just FYI.

They're saying "We stole all you personal info and releasing it on the internet, you stupids!" but they think they're saying "We're kicking Sony's ass! The world should love us!"... really, this is ridiculous. It's just like "We killed your family to show you the weakness of the police, in revenge for them to arrest one of our members". I still think some hackers should be decapitated in public...

Aghares said,
They're saying "We stole all you personal info and releasing it on the internet, you stupids!" but they think they're saying "We're kicking Sony's ass! The world should love us!"... really, this is ridiculous. It's just like "We killed your family to show you the weakness of the police, in revenge for them to arrest one of our members". I still think some hackers should be decapitated in public...

That analogy doesn't work.. That would be assuming the police had prior knowledge to the murder, and knew that they weren't protecting the family securely enough. Sony had knowledge they were about to be hacked, knew their security systems sucked (and if they didn't, wow), left the information in plain text, and did not do anything about it before they got hacked.

Zappa859 said,

That analogy doesn't work.. That would be assuming the police had prior knowledge to the murder, and knew that they weren't protecting the family securely enough. Sony had knowledge they were about to be hacked, knew their security systems sucked (and if they didn't, wow), left the information in plain text, and did not do anything about it before they got hacked.

Thank you, took the words right out of my fingers.

Zappa859 said,

That analogy doesn't work.. That would be assuming the police had prior knowledge to the murder, and knew that they weren't protecting the family securely enough. Sony had knowledge they were about to be hacked, knew their security systems sucked (and if they didn't, wow), left the information in plain text, and did not do anything about it before they got hacked.


You do know Sony is f'ing huge? Certainly takes more then a month to secure everything they have?

Shadowzz said,

You do know Sony is f'ing huge? Certainly takes more then a month to secure everything they have?
Sony also has a big bank balance, they could have easily hired the best people in the business to secure their systems to begin with. Being hacked with simple SQL injections like this show their complete disregard for protecting the data they were entrusted to keep safe.

Shadowzz said,
You do know Sony is f'ing huge? Certainly takes more then a month to secure everything they have?

Nobody implied otherwise. Taking the sites down until a security audit can be done is going to cost them much less than the absurd amount of bad publicity these attacks are bringing them, even more so as it looks like it's not going to end any time soon. Customers tend to forgive downtime, but having major security breaches repeatedly is going to hurt customer faith something ugly.

Aghares said,
They're saying "We stole all you personal info and releasing it on the internet, you stupids!" but they think they're saying "We're kicking Sony's ass! The world should love us!"... really, this is ridiculous. It's just like "We killed your family to show you the weakness of the police, in revenge for them to arrest one of our members". I still think some hackers should be decapitated in public...
You would care as much about your money as your about your family.

Well damn, they are sure making a statement. Looks like Sony finally ****ed in the wrong persons wheaties!

I feel bad for all the folks who are affected by this. Shame on these people for releasing it all as they are worse than Sony! They could have made the same "Sony Sucks" point (or whatever it is) w/o releasing the data.

The negative impact this will have on Sony's reputation will be huge.

Stop bitching about plaintext. EVERY website stores most user information in plaintext (names, email addresses, ip addresses, etc). The ONLY piece of information that is normally encrypted is the users password. And guess what--IT'S USUALLY MD5 ENCRYPTED. You guys want to whine about the way Sony stores user information? Well FYI Neowin stores it the EXACT SAME WAY.

dyl4n said,
Stop bitching about plaintext. EVERY website stores most user information in plaintext (names, email addresses, ip addresses, etc). The ONLY piece of information that is normally encrypted is the users password. And guess what--IT'S USUALLY MD5 ENCRYPTED. You guys want to whine about the way Sony stores user information? Well FYI Neowin stores it the EXACT SAME WAY.

FYI - MD5 is not an encryption algorithm. It's a hashing algorithm. Just sayin'

dyl4n said,
Stop bitching about plaintext. EVERY website stores most user information in plaintext (names, email addresses, ip addresses, etc). The ONLY piece of information that is normally encrypted is the users password. And guess what--IT'S USUALLY MD5 ENCRYPTED. You guys want to whine about the way Sony stores user information? Well FYI Neowin stores it the EXACT SAME WAY.
Mostly true but you can't be certain of how Neowin stores user information. Its perfectly possible for them to have modified the way IP.Board works, they probably haven't but unless you've seen the database/source files, you can't possibly know that.

So if you use the coupon codes wouldn't that mean you'd have to sign up for the Sony store and put in your personal info including name, address, and credit card number?!? Talk about irony!

Jarrichvdv said,
data stored in plaintext is unforgivable. Sony is big but unresponsible when it comes to security...

It's not just that though, even worse is that even the most novice of web programmers knows how to protect against SQL injections. Filter the data people enter into forms on your website, or this will happen.

TCLN Ryster said,
It's not just that though, even worse is that even the most novice of web programmers knows how to protect against SQL injections.

Indeed, think Sony's IT guys need a refresher course.. URL sanitizing is one of the very basic protections against a few types of attacks. This new attack was beyond sloppy on Sony's part.

(Spork) said,
lol sony messed with the wrong group a simple SQL injection .. Who the hell is running sony's security

They probably paid some freelancer 1-2 grands to make it and maintain it or w/e

This is getting ridiculous now. I'm worried with all of these attacks occuring, the US are going to start to actually implement an Internet ID as well as begin using military force to combat with these guys. If they do, I have a feeling it's us, the regular users who are going to feel affected the most...

Xxgreatestever said,
This is getting ridiculous now. I'm worried with all of these attacks occuring, the US are going to start to actually implement an Internet ID as well as begin using military force to combat with these guys. If they do, I have a feeling it's us, the regular users who are going to feel affected the most...

Or large corporations could stop being irresponsible with customers personal data and storing them in plaintext ^^;

Alyraelle said,

Or large corporations could stop being irresponsible with customers personal data and storing them in plaintext ^^;

Or better just pay a professional to do the job properly

Xxgreatestever said,
the US are going to start to actually implement an Internet ID

Internet ID for USA citizens only, good luck trying to implemnt that around the world.. and the Internet ID that Obama talks of is only for use with the US government websites.

Xxgreatestever said,
...begin using military force to combat ..
A war on Anonymous is about as good as a war on terror. A reason for war with no face or person to linch until they pick a target. And not only that, but its not hard to spoof where you're connected from in the world... and its certainly not hard to fly to that country, do your hack-hack thing in a cyber cafe and then fly out again.

Alyraelle said,

Or large corporations could stop being irresponsible with customers personal data and storing them in plaintext ^^;

This. I mean, for Christ sake. Sony should be the ones held accountable for not securing their records properly. We need tighter regulation on customer data across the industry IMO.

Xxgreatestever said,
This is getting ridiculous now. I'm worried with all of these attacks occuring, the US are going to start to actually implement an Internet ID as well as begin using military force to combat with these guys. If they do, I have a feeling it's us, the regular users who are going to feel affected the most...

"regular users" are the ones who are being affected by this already - it's our information that is being exposed. Granted, Sony and other corporations may need to be more responsible with our data, but that doesnt make it ok for these hacking groups to be so carefree with our personal information or the services we purchase.

Shadrack said,

This. I mean, for Christ sake. Sony should be the ones held accountable for not securing their records properly. We need tighter regulation on customer data across the industry IMO.

No, Sony should be held accountable for closing their platform and suing those who try to open it.

ixne_hombre said,

"regular users" are the ones who are being affected by this already - it's our information that is being exposed. Granted, Sony and other corporations may need to be more responsible with our data, but that doesnt make it ok for these hacking groups to be so carefree with our personal information or the services we purchase.

Do you think it's ok to support a corrupt company like Sony?

Don't talk like Sony's customers didn't do anything wrong.

Beaux said,
Do you think it's ok to support a corrupt company like Sony?

Don't talk like Sony's customers didn't do anything wrong.


So what did Sony's customers do that was so wrong?

Beaux said,
Do you think it's ok to support a corrupt company like Sony?

Don't talk like Sony's customers didn't do anything wrong.


What did Sony's customers do that is wrong? So if Coca-Cola were Anon's next target for being "corrupt", anyone drinks Coca-Cola is suddenly the enemy, and deserves to targeted?

Joseph B said,
Highly doubt anything would go down at E3, if it does... I can't begin to imagine the ramifications

Lol, just imagine if somebody modified the e3 powerpoint and added a slide like "PS3/PSN sucks, 360/live rules" that would be hilarious!

SteelToast said,

Lol, just imagine if somebody modified the e3 powerpoint and added a slide like "PS3/PSN sucks, 360/live rules" that would be hilarious!

And True.

Oh great, thanks for ****ing everyone aside from Sony over. You may have embarrassed Sony but the real damage will be done to the customers.

Solid Knight said,
Oh great, thanks for ****ing everyone aside from Sony over. You may have embarrassed Sony but the real damage will be done to the customers.

Well, most of this information can be found on 90% of peoples Facebooks where people willingly share it. Except the passwords of course, and some home addresses.
I am pretty sure the real damage is to Sony though, because the customers were "damaged."

Zappa859 said,

Well, most of this information can be found on 90% of peoples Facebooks where people willingly share it. Except the passwords of course, and some home addresses.
I am pretty sure the real damage is to Sony though, because the customers were "damaged."

Exactly, the damage to Sony comes from people being ****ed with Sony, they may be more ****ed with the hackers - but they aint paying the hackers any cash, or using their service, they're using Sonys service and its ther where their data was stolen from, over and over again.

This will damage Sony, far more than the figure they published the other week.

My comments here are not an agreement with whats going on, its bad **** and gone too far, but I also think Sony made a huge error of judgement when they decided to go after everyone and anyone who showed interest in homebrew/modding etc on their own hardware -- its backfired bigtime!

Zappa859 said,

Well, most of this information can be found on 90% of peoples Facebooks where people willingly share it. Except the passwords of course, and some home addresses.
I am pretty sure the real damage is to Sony though, because the customers were "damaged."

They put it in a publicized easy to get list. Further, a good chunk of people either don't have Facebook accounts or put this data on Facebook but they may have given their data to companies that require it for online goods purchasing. You're trying to dismiss who is hurt more by this action. Sony gets embarrassed by the breach but all those people got set up for potential identity theft or other forms of fraud. Further, the general public also has this idea that hackers can get anything so they'll be more ****ed at the hackers than Sony mostly because they don't understand what is and is not poor security practices.

Solid Knight said,
Oh great, thanks for ****ing everyone aside from Sony over. You may have embarrassed Sony but the real damage will be done to the customers.
Just stop being Sony's customer and you won't get hurt. It's pretty simple.

Sony must be regretting antagonising these guys by now. I have a feeling this is going to continue for quite some time.

Vice said,
Sony must be regretting antagonising these guys by now. I have a feeling this is going to continue for quite some time.

I have a feeling something will happen during E3....

Vice said,
Sony must be regretting antagonising these guys by now. I have a feeling this is going to continue for quite some time.
Yeah this is getting old. Wonder how many people will hit the chopping block because of this. No matter what, Sony's reputation is permanently damaged.

Tim Dawg said,
Yeah this is getting old. Wonder how many people will hit the chopping block because of this. No matter what, Sony's reputation is permanently damaged.

6 months from now this will be completely forgotten about, amazingly.

Amarok said,

6 months from now this will be completely forgotten about, amazingly.

Unless MORE attacks happen and the attacks don't seem to be letting up...

Kushan said,

Unless MORE attacks happen and the attacks don't seem to be letting up...


the view on these attacks is already switching towards hatred to the hackers.
Sony certainly lacks in securing their data, but common. Everything can get hacked if the haters got enough free time on their hands. Ah well, Sony will survive, noone will buy a TV, stereo or laptop less from Sony. Its mainly hurting their Playstation network. As they earn lots and lots of money already... Sony will win in the end.

Must say officials at Sony are awfully quiet about their 'counters'. I bet they're upto something

Shadowzz said,

the view on these attacks is already switching towards hatred to the hackers.
Sony certainly lacks in securing their data, but common. Everything can get hacked if the haters got enough free time on their hands. Ah well, Sony will survive, noone will buy a TV, stereo or laptop less from Sony. Its mainly hurting their Playstation network. As they earn lots and lots of money already... Sony will win in the end.

Must say officials at Sony are awfully quiet about their 'counters'. I bet they're upto something

Speak for yourself. I had my CC information compromised when the PSN network was hacked but I still fully support what the hackers are doing.

Shadowzz said,

the view on these attacks is already switching towards hatred to the hackers.
Sony certainly lacks in securing their data, but common. Everything can get hacked if the haters got enough free time on their hands. Ah well, Sony will survive, noone will buy a TV, stereo or laptop less from Sony. Its mainly hurting their Playstation network. As they earn lots and lots of money already... Sony will win in the end.

Must say officials at Sony are awfully quiet about their 'counters'. I bet they're upto something

Companies are attacked all the time, it's up to them to protect their clients, and it's Sony's fault for failing their customers.

LordBattleBeard said,
Speak for yourself. I had my CC information compromised when the PSN network was hacked but I still fully support what the hackers are doing.

So if I find your CC info floating around on the internet, you don't mind if i use it to sign up for porn sites?

LordBattleBeard said,
Speak for yourself. I had my CC information compromised when the PSN network was hacked but I still fully support what the hackers are doing.

What an utterly ridiculous statement.

ixne_hombre said,

So if I find your CC info floating around on the internet, you don't mind if i use it to sign up for porn sites?
Go ahead, I doubt the bank would see the charges as anything out of the ordinary... oh and I cancelled my card the moment the news broke.

LordBattleBeard said,
Go ahead, I doubt the bank would see the charges as anything out of the ordinary... oh and I cancelled my card the moment the news broke.

Just doesn't seem right that you should have take steps to protect your finances/lifestyle, just because you took part in one of Sony's services - you could have been victimized as the result of their "righteous crusade" against Sony.

ixne_hombre said,

So if I find your CC info floating around on the internet, you don't mind if i use it to sign up for porn sites?

i am pretty sure he will support "for a cause"

ixne_hombre said,

Just doesn't seem right that you should have take steps to protect your finances/lifestyle, just because you took part in one of Sony's services - you could have been victimized as the result of their "righteous crusade" against Sony.
To a point, I agree, but on the whole I don't. There is inevitably going to be casualties during war but from the way I see it, Sony waged the war against all hackers when they sued Geohot for jailbreaking the PS3. Its unfortunate that innocent people will get caught in the crossfire but if its the only way that Sony will take note, then so be it - IMO.

LordBattleBeard said,
To a point, I agree, but on the whole I don't. There is inevitably going to be casualties during war but from the way I see it, Sony waged the war against all hackers when they sued Geohot for jailbreaking the PS3. Its unfortunate that innocent people will get caught in the crossfire but if its the only way that Sony will take note, then so be it - IMO.

Fair enough - and that is probably the difference - you actually know (and care) what it is all about. But, for the average person out there, they could probably don't care a whit about geohot or his grand struggle - all they see is that the services they pay for are disrupted, and their personal data spread about the web.
If it is all about making a point, and showing the world that Sony is evil/bad, then hurting customers simply because they are customers isn't going to score the hackers any points. I guess my overall point is that Joe Public is not at fault here, and that the hackers need to be more responsible about who is affected or they will never get the level of support they need to really make a change.