2nd LulzSec hacker arrested for Sony Pictures attack

U.S. authorities have arrested a second member of the hacking group known as LulzSec in connection with a cyber attack against Sony Pictures Entertainmentthat saw the leaking of thousands of emails, phone numbers, passwords and other personal details of people who had entered Sony contests.

Raynaldo Rivera, 20, of Tempe, Ariz., surrendered to the FBI in Phoenix on Tuesday, the law enforcement agency said in apress release.

Rivera was indicted by a federal grand jury in Los Angeles last week,and the indictment was unsealed Tuesday.

Heis charged with conspiracy and the unauthorized impairment of a protected computer and could face up to 15 years in prison.

Rivera appeared before a federal magistrate in U.S. District Court in Phoenix Tuesday and will be back in a Los Angeles court on Sept. 14.

Another member of LulzSec, Cody Kretsinger, pleaded guilty in April to charges related to the attack and is to be sentenced on Oct. 25.

Offshoot of Anonymous

U.S. authorities accuse Rivera, who used theonline monikers"neuron," "royal" and "wildicv,"of belonging to a group of hackers known as LulzSec, or Lulz Security, whose tag line on its website at one point was "laughing at your security since 2011" and which in June 2011 hacked into the website of the U.S. Senate.

LulzSec is believed to be an offshoot of the international hacking collective Anonymous, whichcame to prominencein 2010 with a series of high-profile attacks against companies that boycotted the online activist group WikiLeaksafter itreleased a series of classified U.S. diplomatic cables.

Several LulzSec members allegedly hacked into Sony's computer system in May and June 2011, using what is known as anSQL injection attack, which exploits vulnerabilities in the data-input processes of computer databases.

They posted confidential information obtained from Sony's computer systemsonto the LulzSec website and Twitter account, the FBI said. In the wake of the attack, Sonysaid that as many as37,500 of its customers who filled in personaldetails for promotions or sweepstakes may have been affected by the breach.

The breached databases did not include credit card information, but aseparate cyberattackagainst Sony's PlayStation Network that took place just a few weeks earlier did potentially leak the credit card details of millions of PlayStation users.

That breach has not been attributed to any specific group.