Back in early May Sony’s PlayStation Network (PSN) was hacked, with millions of customers information, including password and credit card information, stolen, and then a couple of weeks later when PSN was back online, it was immediately hacked again because the new PSN simply asked the users to change their passwords, and the hackers have the password-retrieving information from the 1st hacking.

Then soon, Sony Ericsson Canada’s website is hacked with customer information stolen.

And what do you know: A group called LulzSec today announced that they took about a million usernames and passwords in the US, the Netherlands and Belgium from SonyPictures.com. They actually made it available for download, to me, that’s totally not cool.

Not surprisingly, according to these hackers, all these information is not encrypted at all:

“Our goal here is not to come across as master hackers, hence what we’re about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now,” the group wrote. “From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?”

Hacking a website to show off that you can and to warn the hacked website of its fragile security is one thing, using the stolen information for someone’s own profit or carelessly making it publicly available is another.

I’m sure Sony gets a message about its privacy protection is too weak, but why is Sony becoming almost like a lab test mouse to the hacking communities? Why targeting Sony? Personally, somehow I get a feeling that it has something to do with Sony being extra tough on Geohot who hacked the PS3, which might have ignited the fire of revenge from the hackers around the world.

Just my theory, what do you think?

Let us know.

P.S. If you have ever purchased anything from Sony, now is a good time to call them to delete your profile, if they can.