4 Jun, 2011  |  Written by  |  under News

LONDON – Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven't been made to the company's stricken cybersecurity program.

Hackers say they managed to steal a massive trove of personal information from Sony Pictures' website using a basic technique which they claim shows how poorly the company guards its users' secrets. Security experts agreed Friday, saying the company's security was bypassed by a well-known attack method by which rogue commands are used to extract sensitive data from poorly constructed websites.

"Any website worth its salt these days should be built to withstand such attacks," said Graham Cluley, of Web security firm Sophos. Coming on the heels of a massive security breach that compromised more than 100 million user accounts associated with Sony's PlayStation and online entertainment networks, Cluley said the latest attack suggested that hackers were lining up to give the company a kicking.

"They are becoming the whipping boy of the computer underground," he said.

In a joint statement Friday night, Michael Lynton, chairman and chief executive officer, and Amy Pascal, co-chairman, of Sony Pictures Entertainment acknowledged the breach and said the company had taken action "to protect against further intrusion."

"We have also retained a respected team of experts to conduct the forensic analysis of the attack," the statement said. It did not go into details about specific actions that will be taken to prevent future security breaches.

It wasn't clear how many people were affected. The hackers, who call themselves Lulz Security (a reference to the Internetspeak for "laugh out loud"), boasted of compromising more than 1 million users' personal information — although they said that a lack of resources meant they could only leak a selection on the Web. Their claim could not be independently verified, but several people whose details were posted online confirmed their identities to The Associated Press.

Lulz Security ridiculed California-based Sony for the ease with which it stole the data, saying that the company stored people's passwords in a simple text file — something it called "disgraceful and insecure."

Several emails sent to accounts associated with the hackers as well as messages posted to the microblogging site Twitter were not returned, but in one of its tweets Lulz Security expressed no remorse.

"Hey innocent people whose data we leaked: blame Sony," it said.

Sony's customers — many of whom had given the company their information for sweepstakes draws — appeared to agree.

Tim Rillahan, a 39-year-old computer instructor in Ohio, said he was extremely upset to find his email address and password posted online for "the whole world to see."

"I have since been changing my passwords on every site that uses a login," he said in an email Friday. "Sony stored our passwords in plain text instead of encrypting the information. It shows little respect to us, their customers."

He and others complained that they had yet to hear from the company about the breach, news of which is nearly a day old.

John Bumgarner, the chief technology officer for the U.S. Cyber Consequences Unit — a research group devoted to monitoring Internet threats — was emphatic when asked whether users' passwords could be left unencrypted.

"Never, never, never," he said. "Passwords should always be hashed. Some kind of encryption should be used."

Bumgarner, who's been critical of Sony's security in the past, said the company needed to take a hard look at how it safeguards its data.

"It's time for Sony to press the reset button on their cybersecurity program before another incident occurs," he said.

___

Online:

Sony Pictures' Twitter account: http://twitter.com/sonypictures

Raphael G. Satter can be reached at: http://twitter.com/razhael

Follow Yahoo! News on Twitter, become a fan on Facebook

original content on yahoo

22 May, 2011  |  Written by  |  under News

WASHINGTON – Workers who don't trust the boss to keep track of their wages can now do it themselves with a new smartphone application from the Department of Labor. But employers worry that the time sheet app, along with other new initiatives, could encourage even more wage and hour lawsuits.

The app, called DOL-Timesheet, lets workers calculate regular work hours, break time and overtime pay to create their own wage records. Department officials say the information could prove valuable in a dispute over pay or during a government investigation when an employer has failed to keep accurate records.

"This app will help empower workers to understand and stand up for their rights when employers have denied their hard-earned pay," Labor Secretary Hilda Solis said.

The app is the latest example of the Obama administration's push for more aggressive enforcement of wage and hour laws. The agency has hired about 300 more investigators to probe complaints of unpaid work time, lack of overtime pay and minimum wage violations.

Last year, the agency began a "Bridge to Justice" program that, for the first time, helps connect aggrieved workers with private lawyers if the department's Wage and Hour Division is too busy to handle a complaint.

As a result, legal experts say, wage and hour compliance has become a leading concern for employers as the new policies help drive up litigation over unpaid wages, also known as wage theft.

"The government is focusing on it like never before," said Gerald Maatman, an employer-side labor lawyer based in Chicago. "I think the mantra is kind of, `All enforcement, all the time, 24/7.'"

Workers brought a record number of wage and hour suits against employers last year, according to an analysis of court filings by Maatman's firm, Seyfarth Shaw. Nearly 6,800 such suits were filed in 2010, about 700 more than the previous year. Most were collective or class actions.

"The concern is that the Department of Labor is putting a lot more attention into this area and employers, at the same time, are putting more hours, more money and more work into auditing and complying with wage and hour laws," Maatman said. "It's turning into somewhat of a full-time job."

The stepped-up enforcement is a change from the Bush administration, when some critics accused President George W. Bush's labor secretary, Elaine Chao, of favoring businesses and weakening job safety and enforcement efforts.

While employers are not surprised about increased enforcement, they have questioned some tactics, such as a program that gives workers a toll-free number to contact an attorney referral service run by the American Bar Association.

The Wage and Hour Division gets more than 35,000 calls a year for help and doesn't have the resources to deal with every claim. For those it can't help, it now refers them to the toll-free hot line, where they can be referred to a lawyer who specializes in wage and hour disputes.

Michael Kun, a management-side employment lawyer in Los Angeles, calls the program "a gift to plaintiff's lawyers."

"A DOL investigator has no incentive to pursue a meritless claim," Kun said. "A plaintiff's lawyer has some incentive to do that to get some sort of nuisance value."

Patricia Smith, the Labor Department's top lawyer, says the criticism has taken her by surprise. Before the Bridge to Justice program, the department simply told workers they had a private right of action.

"This just gives them a little more information if they want to exercise it, to go to an attorney that's qualified, as opposed to calling the guy who has advertisements on television at midnight," Smith said.

Nancy Leppink, who heads the Wage and Hour Division, says the office is just doing the job it's supposed to do, which is going after employers who cheat workers out of their hard-earned wages.

"To the extent we have employers who are not complying with the law, we have an obligation to look for all of the opportunities we can to change that behavior," Leppink said.

That includes the department's "We can help" advertising campaign last year, designed to educate employees in the food service, hospitality, apparel, manufacturing and construction industries about their legal rights under federal wage and hour laws.

Wage theft is especially prevalent among immigrant workers who don't speak English or hesitate to challenge their boss for fear of jeopardizing immigration status, labor officials say.

Earlier this year, for example, the department recovered $1.8 million in back wages for nearly 400 workers at the Houston-based Hong Kong Market grocery chain. Investigators found some employees worked as many as 70 hours a week, but were paid less than the minimum wage and denied overtime pay. Labor officials said the company deliberately misled investigators by falsifying payroll records.

The new smart phone app is expected to help low wage immigrant workers, many of whom can't afford a computer, but keep cell phones as a lifeline to family back home.

The app is currently available for the iPhone and iPod Touch, but the agency is exploring versions for use on other devices, including Blackberry and Android smartphones.

___

Online:

Labor Department's Hour and Wage Division: http://www.dol.gov/whd/

Seyfarth Shaw law firm: http://www.wagehourlitigation.com/


photo(AFP/File) - A woman reading a Twitter page. The Taliban once banned all television, music and cinema in Afghanistan, but now they are fighting their war via Twitter, the online messaging network that revolutionised global communication.(AFP/File/Miguel Gutierrez)


photo(AFP/File) - Villagers squat as an Afghanistan National Army soldier stands guard behind them, in Sistani, Helmand Province. The Taliban once banned all television, music and cinema in Afghanistan, but now they are fighting their war via Twitter, the online messaging network that revolutionised global communication.(AFP/File/Bay Ismoyo)


SAN FRANCISCO – Investors are clamoring to connect with the online networking service LinkedIn Corp. in the latest sign of the fervor for Internet companies that specialize in bringing together people with common interests.

The demand to buy a piece of LinkedIn is so intense that the 8-year-old company is expected to make its stock market debut Thursday with a value of at least $4 billion. That would make LinkedIn's initial public offering of stock the biggest by a U.S. Internet company since Google Inc. went public in 2004, according to the research firm Renaissance Capital.

The appetite for LinkedIn's IPO encouraged the company's bankers to raise the asking price by about 30 percent Tuesday to $42 to $45 per share. It won't be surprising if the IPO is priced even higher Wednesday evening and the stock then sells for more than that Thursday morning, when the shares are expected to begin trading on the New York Stock Exchange under the symbol "LNKD."

The IPO is expected to raise about $200 million for LinkedIn and produce $125 million to $135 million for existing stockholders, who plan to sell some of their shares. The biggest winner will be LinkedIn's co-founder and chairman, Reid Hoffman, whose 20 percent stake in the company will be worth more than $800 million.

The coming-out party on Wall Street for LinkedIn, which focuses on connecting professionals online, could be the prelude to even more excitement if several popular Internet companies decide to go public during the next year. The list of candidates includes the online messaging service Twitter, online game maker Zynga, online coupon service Groupon and the biggest social network of all, Facebook.

"LinkedIn will be used very heavily as a modeling tool for other companies in this space," predicted David Menlow, founder of research firm IPO Financial. "The pricing is going to have a dramatic effect. This is just the starting point for valuation adjustments."

Facebook is the most prized among the Internet companies still awaiting an IPO. It was valued at $50 billion as part of an investment organized in January by Goldman Sachs Group Inc., a major shareholder in LinkedIn. If Goldman Sachs follows through on its plan to sell its entire LinkedIn stake in the upcoming IPO, the bank would receive about $38 million at the mid-point of the targeted price range.

LinkedIn, based just down the street from Google's Mountain View, Calif. headquarters, has become profitable by building a website that acts both as a Rolodex and a hiring center.

People set up LinkedIn accounts to post their resume on a page and connect with current and past colleagues. LinkedIn members can then ask the people they know to introduce them to other connections that might help further their careers.

Although not nearly as popular as hanging out on Facebook, LinkedIn has emerged as a widely used directory. Through March, it had 102 million members and is adding another million each week.

The company gets about two-thirds of its revenue from fees that it charges for greater access to the website and more data about the expertise listed on each member's page. Businesses and job headhunters use LinkedIn to recruit people who might not even be looking for a job at the time. LinkedIn also has made money from business surveys of its members and a service that offers career advice to college graduates.

The rest of LinkedIn's revenue comes from Internet ads, which serve as the financial backbone for Google, Facebook and many other Internet companies.

The lofty appraisals being given LinkedIn and other online networking companies have raised worries of an investment meltdown if the businesses don't turn out to be as successful as enthusiastic investors anticipated.

That is what happened in the late 1990s when hundreds of unprofitable Internet companies attracted billions in venture capital and then went public to much fanfare. That led to a devastating collapse that still haunts Internet investors.

The big difference this time is that the current Internet darlings haven't rushed to the public markets. Instead, they are waiting until they have developed ways to make money while amassing massive audiences.

"These are serious businesses with huge global market opportunities ahead of them," said John O'Farrell, a partner with Andreessen Horowitz, a venture capital firm that owns stakes in Facebook, Twitter, Zynga and Groupon. "To an uninformed person, the valuations may look like a bubble, but we believe they will in fact prove to be very low valuations."

Last year, LinkedIn earned $3.4 million on revenue of $243 million. Its growth accelerated during the first three months of 2011, putting it on a pace to generate $500 million in revenue this year. Management, though, has warned that the company might lose money this year as it invests in more products and more computers to run its website as it tries to ward off competitive threats overseas.

If LinkedIn's IPO is priced at the mid-range target of $43.50 per share, the company would have a market value of $4.1 billion — about 17 times its 2010 revenue. By comparison, Google's current market value of $170 billion is less than six times its revenue last year. When Google went public, though, its market value of $24 billion was 16 times higher than its revenue from the previous year.

___

AP Business Writer Tali Arbel in New York contributed to this story.

