Sony BMG Greece hacked, 8,385 users compromised

The hacks on Sony just never seem to end these days, with Sony BMG Greece the hackers’ latest target as they scour the technology company’s websites for unpatched vulnerabilities. An anonymous poster uploaded a user database from SonyMusic.gr to pastebin.com, including the names and email addresses of 8,385 people registered to the site. Passwords and telephone numbers are claimed to have been obtained as well; however, this data appears to be missing from the paste.

Security firm Sophos’ blog Naked Security mentioned how it is nearly impossible to run a fully secure website, and “as long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.” They then went on to mention how, after the whole ordeal has settled down, Sony may emerge as the most secure web presence.

The hackers of Sony BMG Greece apparently used an automated SQL injection tool to scrutinize every single Sony website for a flaw, eventually finding one in the SonyMusic.gr website. Naked Security mentions that this type of attack requires little skill, and advises (as do we) that any users of the website reset their password and stay alert for phishing attacks.

This is the eighth attack on Sony in the past two months, a period that has seen a mass-scale DDoS of the PlayStation Network, followed by crippling breaches that compromised over 100 million PSN and Sony Online Entertainment accounts, leaving the PSN offline for over three weeks. Due to these attacks, Sony’s annual profits, set to be revealed on Thursday, could be disappointing for investors in the company.

Image credit: Naked Security

31 Comments

Well done to all the wankers who judged my post.
Are you happy, w@nk3rs, that I said something against Greece?

In the end you're not just a w@nk@r, you keep insisting too, which makes you a w@nk@r squared!

Naked Security mentions that this type of attack requires little skill

Nice, so tell us how come such an easy thing to detect was not taken care of in the first place on Sony's servers by their employees? It's time companies like this learn the responsibilities they have with our private information.

Patchou said,

Nice, so tell us how come such an easy thing to detect was not taken care of in the first place on Sony's servers by their employees? It's time companies like this learn the responsibilities they have with our private information.

Cause they obviously paid a freelancer kid to make the website

SQL injection in 2011, 'nough said.
Congratz on using some random freelancer to make you a site for a company of that size.

ps: I'm Greek.

Regardless of whether it's a fight or not for the consumer, there's no doubt that these attacks are creating distrust with Sony. Saw a friend of mine just yesterday putting up her PS3, PSP, games, and accessories up for sale on Craigslist. I thought maybe she was just tired of gaming, but then she also offered to trade for an Xbox system...

Really sucks to be Sony right now.

This is just pure malice at this point. It's not about the consumer, it's not about anyone's rights, it's just pure simple malice. You don't expose supposedly private info of innocent third parties just to prove a point, no matter how ****ed you are.

You may think that Sony deserves it, but the people whose data is exposed don't.

Einlander said,
This is just pure malice at this point. It's not about the consumer, it's not about anyone's rights, it's just pure simple malice. You don't expose supposedly private info of innocent third parties just to prove a point, no matter how ****ed you are.

You may think that Sony deserves it, but the people whose data is exposed don't.

So what was the war in Iraq? Malice? We didn't find WMDs, but yet we stayed anyway... Malice? What is your definition of the point where it turns from being for something, to just malice? Should we have only stayed in Iraq for 2 days, and then left? What about Afghanistan? WW2? Korea? Vietnam? You claim that the people whose data is exposed don't deserve it, but you know what? Just like any war, there is going to be collateral damage. Maybe this is a wakeup message to Sony's user base that they need to drop any association with Sony and get out before more attacks come?

I don't think hacking is the right answer, but you have to admit that Big Movie/Big Music is out of control lately and just like Osama or Saddam, someone needs to fight back someway, somehow against them, or else they'll continue doing what they're doing. Hacking is not the right answer, but if it gets a message to Sony or any other large music industry company, then maybe it works for now.

SirEvan said,

So what was the war in Iraq? Malice? We didn't find WMDs, but yet we stayed anyway... Malice? What is your definition of the point where it turns from being for something, to just malice? Should we have only stayed in Iraq for 2 days, and then left? What about Afghanistan? WW2? Korea? Vietnam? You claim that the people whose data is exposed don't deserve it, but you know what? Just like any war, there is going to be collateral damage. Maybe this is a wakeup message to Sony's user base that they need to drop any association with Sony and get out before more attacks come?

I don't think hacking is the right answer, but you have to admit that Big Movie/Big Music is out of control lately and just like Osama or Saddam, someone needs to fight back someway, somehow against them, or else they'll continue doing what they're doing. Hacking is not the right answer, but if it gets a message to Sony or any other large music industry company, then maybe it works for now.

Very funny. Justification of something bad b/c others have done it, is only poor justification. Also, you need to know what collateral damage is. Collateral damage is defined as unintended damages to civilians. Posting people's personal data is NOT unintended. You say you don't think hacking is the right answer, but then you feel it's justified. Make up your mind. Yes, you want to stick it to the big company, but there are ways to go directly at the company that don't have to hurt other people.

Einlander said,
This is just pure malice at this point. It's not about the consumer, it's not about anyone's rights, it's just pure simple malice. You don't expose supposedly private info of innocent third parties just to prove a point, no matter how ****ed you are.

You may think that Sony deserves it, but the people whose data is exposed don't.

It is pure incompetence on Sony's part at this point. After all this crap they still have users' data exposed in unsecure ways.

I know Sony fanboys will forever be making excuses for them but come on, after all this crap security should be Sony's #1 focus and crap like this should not continue to happen like it is.

Shock Doc said,
This is getting ridiculous. I don't care what these hackers are fighting for... The end does not justify the means.

There's no justification to what is being done here. In saying that, Sony was sitting in a glass house, screaming real loud, asking for attention. They got some

What's being done here is continual 'should have been addressed a long time ago' web flaws within the Sony network being pointed out. Of course with this flaw comes customer details as Sony don't bother with encryption - so the result is a ****ed off customer base who then likely will move on to do business with another more 'secure' company.

I'm interested to see which Dec 28 or April 19 had a more detrimental effect to their investors, and if their earnings dropped more in this past month than in January.

Every Greek site is very easy to hack.
It's Greek what do you expect?
I'm also Greek and since I'm Greek I have the right to say that.

MariosX said,
Every Greek site is very easy to hack.
It's Greek what do you expect?
I'm also Greek and since I'm Greek I have the right to say that.

You're Greek, but also

MariosX said,
Every Greek site is very easy to hack.
It's Greek what do you expect?
I'm also Greek and since I'm Greek I have the right to say that.

Go hack a greek famous site and gimme a call to congratulate you

MariosX said,
Every Greek site is very easy to hack.
It's Greek what do you expect?
I'm also Greek and since I'm Greek I have the right to say that.

They already enter ministries' sites, banks etc and play ball, you think Sony would be a difficult target? lol

MariosX said,
Every Greek site is very easy to hack.
It's Greek what do you expect?
I'm also Greek and since I'm Greek I have the right to say that.

how much of a wan.. you are, man..

They must be starting to feel like Microsoft. Bill Gates has always said that if people weren't hacking Windows then it must not be popular and have a large user base. Them being hacked makes them stronger and more secure than the other guys because they are now having to change anything they had to make themselves better against these attacks.