Sony Pictures Entertainment Attack (2011)

Sony suffered multiple SQL injection attacks, but the 2011 PlayStation Network breach stands out for its scale and impact. Attackers compromised 77 million user accounts, forcing Sony to shut down the PlayStation Network for 23 days. The attack exploited SQL injection vulnerabilities in Sony's web applications, allowing attackers to access user databases containing personal information, passwords, and credit card details.

-- Reconstructed attack pattern (simplified)
-- Original vulnerable query
SELECT * FROM users WHERE email = '$email' AND password = '$password'

-- Attacker input for email field
[email protected]' OR '1'='1' --

-- Resulting query granting access
SELECT * FROM users WHERE email = '[email protected]' OR '1'='1' --' AND password = ''

The breach cost Sony an estimated $171 million and resulted in numerous lawsuits. Congressional hearings followed, highlighting how a preventable technical vulnerability had massive real-world consequences. Sony's response included:

Complete infrastructure overhaul
Mandatory security training for all developers
Implementation of web application firewalls
Regular third-party security assessments