Sony Pictures on Friday confirmed that its Web sites were hacked by a group that identifies itself as LulzSec.
LulzSec, meanwhile, said tonight that it also hacked into FBI-affiliated Web sites.
"The cybercrime wave that has affected Sony companies and a number of government agencies, businesses and individuals in recent months has hit Sony Pictures as well," Michael Lynton, chairman and CEO, and Amy Pascal, co-chairman of Sony Pictures, said in a joint statement. "We have confirmed that a breach has occurred and have taken action to protect against further intrusion."
Yesterday, LulzSec said it hacked into SonyPictures.com and compromised the personal information of more than 1 million users. "Releasing some @Sony embarrassment in a few minutes. Just finishing our torrent!" the group tweeted.
Lynton and Pascal said Sony Pictures has "retained a respected team of experts to conduct the forensic analysis of the attack, which is ongoing." The company has also contacted the FBI, and is working with them "to assist in the identification and apprehension of those responsible for this crime."
"We deeply regret and apologize for any inconvenience caused to consumers by this cybercrime," Lynton and Pascal concluded.
The news came the same day that Sony brought the Sony PlayStation store back online after a separate massive hack, and appeared on Capitol Hill to say there was no "clear evidence" that hackers accessed credit card information on its PlayStation Network. The company, however, said it and other tech companies are vulnerable to future attacks absent any action from Congress.
Those attacks are apparently coming courtesy of LulzSec, which describes itself as "a small team of lulzy individuals who feel the drabness of the cyber community is a burden on what matters: fun."
On Friday, LulzSec said it had also hacked the Web site for the Atlanta chaper of Infragard, an FBI-affiliated site, "and leaked its user base." The group also claims to have taken "complete control over the site and defaced it."
LulzSec said it obtained about 180 log-ins, which it acknowledged is not that many, but "we'd like to take the time to point out that all of them are affiliated with the FBI in some way," the group said in a note. "Most of them reuse their passwords in other places, which is heavily frowned upon in the FBI/Infragard handbook and generally everywhere else too."
The group said it targeted the FBI because the Obama administration now treats hacking "as an act of war." In a recent international strategy statement on cyber-security, the White House said the U.S. would "respond to hostile acts in cyberspace as we would to any other threat to our country."
One of LulzSec's targets was Unveillance, a whitehat company that specializes in data breaches and botnets. LulzSec said they stole the work and personal emails of Unveillance CEO Karim Hijazi, and then contacted Hijazi to disclose what they had done.
After that, it becomes somewhat of a he-said, she-said situation. LulzSec contends that Hijazi "offered to pay us to eliminate his competitors through illegal hacking means in return for our silence." In a statement, Hijazi said LulzSec "made threats against me and my company to try to obtain money as well as to force me into revealing sensitive data about my botnet intelligence."
Hijazi posted chat logs from discussions he had with members of LulzSec. "Let's just simplify: you have lots of money, we want more money," one member told Hijazi.
"Plain and simple, I refused to comply with their demands. Because of this, they followed through in their threats – and attacked me, my business and my personal reputation," Hijazi responded.
In a later tweet, LulzSec said, "to clarify: it was not our goal to extort anything from Karim at @Unveillance - we were merely testing if he would fold or not."
Hijazi, meanwhile, stressed that Unveillance was "able to protect the sensitive data which LulzSec was ultimately after. All they have stolen and publicly dumped are my personal and work emails."
Editor's Note: This story was updated Saturday with comment from Hijazi.