This is according to hacking group LulzSec, which claims it obtained passwords, email addresses, home addresses and all of the Sony opt-in data associated with the accounts.
This news comes shortly after Sony confirmed the restoration of its PlayStation Network (PSN), after a hacking attack that led to millions of users' personal details being compromised.
LulzSec insists this latest attack was made to highlight the firm's lax security, pointing out that it was done using a run-of-the-mill SQL injection.
"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now," the hacking group wrote in a blog.
"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
LulzSec also claims that all the data it obtained was unencrypted and even customer passwords were held in plaintext.