Sony services attacked: personal information and encrypted passwords stolen

The PlayStation Network may be on its way to recovery, but it seems online criminals are continuing to wage war with Sony and its properties. Late last week, we reported on an attack on So-net, a Japanese Internet Service Provider that is majority-owned by the Sony Corporation. A thief made off with $1225 of gift points from unsuspecting customers. This time around, the attack is on a well-known brand: Sony Ericsson, the 50-50 joint venture between Sony and the Swedish firm Ericsson. This attack followed two additional attacks on regional Sony Music services.

According to the Toronto Star, Sony Ericsson Canada's database for its Eshop store was breached. In a move that seems all too familiar with the PlayStation Network attacks, names, email addresses, and encrypted passwords were stolen from 2000 customers. The platform used to host Sony Ericsson Canada's e-commerce services has been disabled for the time being. A Lebanese group named "Idahca" claimed responsibility for this attack.

The Star also reported on two attacks on Sony Music for Greece and Japan. The attack on the Greek music service had personal, but non-confidental, information of 8500 users leaked to a public website. A similar attack was launched on Sony Music Japan, with the text "stupid Sony, so very stupid" inserted into the leaked data they posted online. The party responsible for this was "Lulz Security," a group that attacks sites for political reasons. Anonymous offshoot, anyone?

Report a problem with article
Previous Story

Final Xbox founder departs Microsoft

Next Story

BT reveals plans for LTE tests in the UK

56 Comments

Commenting is disabled on this article.

This could be giving governments more ammo for their quest to have more control over the Internet. The good, if any, out of this is being quickly outweighed by the repercussions.

Imani said,
This could be giving governments more ammo for their quest to have more control over the Internet. The good, if any, out of this is being quickly outweighed by the repercussions.

even if the gov gets me control over the nets. if your online your still can get hacked. nothing stopping a party from owning your servers. lol

perochan said,
this is getting ridiculous. ill be a happy man the day Sony or whoever announce that all those hackers are arrested.
As you sow so shall you reap.

And they're succeeding.

Sony attacked the "hacker", now the "hacker" attacks Sony.

You play with fire, you get burnt.

Sony is getting what they deserve, however I am sad to hear Ericsson is affected by this too though . I somehow get the feeling that the people attacking Sony might not even want the information they are obtaining, they are simply kicking Sony's ass to ruin them financially and politically.

The only good to come out of this is that Sony might end up having some of the most secure servers in the world by the end of 2011.

dead.cell said,
The only good to come out of this is that Sony might end up having some of the most secure servers in the world by the end of 2011.

I agree but it's definitely hurting the brand.

So who wanna take bets that the PSN will go down again ? Something tells me that some hackers are just waiting for the PSN to fully recover so that the fall is even harder.

Wow, some of you are pretty immature or are just kids.... Sony isn't being hurt by all these attacks. It is all the innocent people who's information is being stolen. This isn't good for any one in any way. Grow up with some of your views about big bad companies. These are the issues that affect everyone. This is why the internet will get clamped down and more regulations will be put upon the people and services. Keep rooting for hackers, it won't do any good in the long run.

shakey said,
Wow, some of you are pretty immature or are just kids.... Sony isn't being hurt by all these attacks. It is all the innocent people who's information is being stolen. This isn't good for any one in any way. Grow up with some of your views about big bad companies. These are the issues that affect everyone. This is why the internet will get clamped down and more regulations will be put upon the people and services. Keep rooting for hackers, it won't do any good in the long run.

Might want to rephrase that. Yes, there's no denying that this affects their customers, but to say that this doesn't hurt Sony is outrageous.

They've lost plenty of money and a lot of trust people once had with Sony, whether it be investors, developers, or their customer base as well.

shakey said,
Wow, some of you are pretty immature or are just kids.... Sony isn't being hurt by all these attacks. It is all the innocent people who's information is being stolen. This isn't good for any one in any way. Grow up with some of your views about big bad companies. These are the issues that affect everyone. This is why the internet will get clamped down and more regulations will be put upon the people and services. Keep rooting for hackers, it won't do any good in the long run.

You went from delusional to madman.

shakey said,
Sony isn't being hurt by all these attacks.
I wish millions/billions of dollars in losses wouldn't hurt me.

shakey said,
Wow, some of you are pretty immature or are just kids.... Sony isn't being hurt by all these attacks. It is all the innocent people who's information is being stolen. This isn't good for any one in any way. Grow up with some of your views about big bad companies. These are the issues that affect everyone. This is why the internet will get clamped down and more regulations will be put upon the people and services. Keep rooting for hackers, it won't do any good in the long run.
Not sure if serious...

Neowin could open a new section: "All bout Sony hacks and timelines"
Seems like this trend is going to keep up and needs constant updating

UndergroundWire said,
Who? I want names NOW! Oh wait they are ANONYMOUS!!!!

That's okay, I'll just write up a list from the Anonymous page on Facebook. That should be enough evidence to work with the FBI! /aaronbarr

Oz. said,
...next time do not **** with people like geohot )

Ah yes, because Sony are the ones truly being hurt, not the innocent people whose information is being stolen. Get real, Sony will continue to be a giant, and normal people will be the ones truly getting screwed.

schubb2003 said,

Ah yes, because Sony are the ones truly being hurt, not the innocent people whose information is being stolen. Get real, Sony will continue to be a giant, and normal people will be the ones truly getting screwed.

That makes some stupid "normal people". They could stop supporting Sony.

Oz. said,
...next time do not **** with people like geohot )

Go a little further back. They should have never removed OtherOs which was a selling feature to begin with. Thats the beginning of this saga.

StevenMalone77 said,
Go a little further back. They should have never removed OtherOs which was a selling feature to begin with. Thats the beginning of this saga.

*It was never a "selling" feature*.

It was a feature, period. You couldn't even get an "Other OS" from Sony, you had to seek out a third party. The PS3 is a video game system/blu-ray player with media streaming and internet capability. For those they have *added* functionality (DTS, BD Live, 3D, DVD upconversion) far more useful to the public at large, not a bunch of basement hackers who in turn used the other OS capability to open the door for piracy.

I wouldnt be totaly suprised if in reality geohot was behind this attacks, we know he probably have skills needed, question is if he is angry enough to do something like this.

SoLoR1 said,
I wouldnt be totaly suprised if in reality geohot was behind this attacks, we know he probably have skills needed, question is if he is angry enough to do something like this.

The idiot got money and was left alone by Sony. I'm sure he's quite happy with his bank balance.

It was funny at first (even though my data was amongst those comprimised) but now its getting to the point of WTF?!

What ARE they running their servers on? Windows 98 with no firewall and an early version of IIS, or maybe not even that advanced. Someone really has it in for Sony or word has got out that their systems are so poorly looked after that everyone and his dog is having a go

Teebor said,
It was funny at first (even though my data was amongst those comprimised) but now its getting to the point of WTF?!

What ARE they running their servers on? Windows 98 with no firewall and an early version of IIS, or maybe not even that advanced. Someone really has it in for Sony or word has got out that their systems are so poorly looked after that everyone and his dog is having a go


Shhhhh!!! They're running Linux. But don't tell anyone or you'd be burned.

Teebor said,
What ARE they running their servers on? Windows 98 with no firewall and an early version of IIS, or maybe not even that advanced. Someone really has it in for Sony or word has got out that their systems are so poorly looked after that everyone and his dog is having a go

I had heard from a contact named Mr Wong whilst inquiring about some replacement travelers chqs that they still used DOS 6.22 + WfW 3.11

Northgrove said,
We'd live in a happy world if a modern OS choice was a decisive factor on how secure a network would be.

It helps.

Why does neowin insist on calling Sony Ericsson Sony? Sony Ericsson may share the word Sony and 50% of their board with them but calling them Sony is just INCORRECT, they are two separate companies. Neowin/the author just looks stupid when writing things like this.

mikrokiwi said,
Why does neowin insist on calling Sony Ericsson Sony? Sony Ericsson may share the word Sony and 50% of their board with them but calling them Sony is just INCORRECT, they are two separate companies. Neowin/the author just looks stupid when writing things like this.
No where does it say just plain "Sony" from what I read, it says "Sony services" and "Sony properties"

mikrokiwi said,
Why does neowin insist on calling Sony Ericsson Sony? Sony Ericsson may share the word Sony and 50% of their board with them but calling them Sony is just INCORRECT, they are two separate companies. Neowin/the author just looks stupid when writing things like this.

You look stupid by posting this. Did you even read the full article? or just saw one LOGO?

Looks like it's time to reiterate those best practices across all of Sony's data-centers and servers. This is totally outrageous now. However, this is probably best for Sony as a whole. They need to understand that customer data should be heavily guarded if they want to continue doing business with people.

Sony was the first company that, almost 10 years ago, brought my attention to the corruption of big corporations. It's nice to see this stuff in the news.

Beaux said,
Sony was the first company that, almost 10 years ago, brought my attention to the corruption of big corporations. It's nice to see this stuff in the news.

+1

Beaux said,
Sony was the first company that, almost 10 years ago, brought my attention to the corruption of big corporations. It's nice to see this stuff in the news.

Please.
BMG's rootkit does not equal complete corporate corruption (BMG being a separate entity under the Sony corporate umbrella).
Pretty much all large companies have had issues and shady practices. Thinking this is somehow "good" news is ignorant.

PeterTHX said,

Please.
BMG's rootkit does not equal complete corporate corruption (BMG being a separate entity under the Sony corporate umbrella).
Pretty much all large companies have had issues and shady practices. Thinking this is somehow "good" news is ignorant.

I wasn't talking about the rootkits... That was closer to 5 than 10 years ago.

And what am I ignoring?

Sony has really been made a fool out of. What infrastructure have they been running on all they're networks anyways?

MrTwentyfour said,
Sony has really been made a fool out of. What infrastructure have they been running on all they're networks anyways?

Well since big companies rarely update security unless it is breached they could have been running on almost anything.

De.Bug said,

Well since big companies rarely update security unless it is breached they could have been running on almost anything.
Rarely? Really?

You can't be further from the truth. Every major company in the world updates their security infrastructure to protect company and customer data. Sometimes they get behind the most up to date security technologies for many reasons, but that doesn't mean they rarely update.

On topic, Sony is being targeted worldwide. I can't remember any other company that got attacked as much as Sony has been in the past few months. Isolated events? Maybe, but its weird given the number of services and Sony networks that has been breached. There must be a reason behind all this.

djdanster said,
Ok, this is getting ridiculous...

Somebody has it out to DESTROY sony.
Well, they practically brought it on themselves by waging war against hackers.