The hacks on Sony just never seem to end these days, with Sony BMG Greece the hackers’ latest target as they scour the technology company’s websites for unpatched vulnerabilities. An anonymous poster uploaded a user database from SonyMusic.gr to pastebin.com, including names and email addresses of 8,385 people registered to the site; passwords and telephone numbers are claimed to have been obtained as well however it appears this data is missing from the paste.
Security firm Sophos’ blog Naked Security mentioned how it is nearly impossible to run a fully secure website, and “as long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.” They then went on to mention how, after the whole ordeal has settled down, Sony may emerge as the most secure web presence.
The hackers of Sony BMG Greece apparently used an automated SQL injection tool to scrutinize every single Sony website for a flaw, eventually finding one in the SonyMusic.gr website. Naked Security mentions that this type of attack requires little skill, and advises (as we do as well) that any users of the website reset their password and keep diligent of any phishing attacks.
This is the eighth attack on Sony in the past two months, which has seen a mass scale DDoS of the PlayStation Network, followed by a crippling breaches that compromised over 100 million PSN and Sony Online Entertainment accounts, leaving the PSN offline for over three weeks. Due to these attacks, Sony’s annual profits, set to be revealed on Thursday, could be disappointing for investors in the company.
Image credit: Naked Security