Sony‘s nightmare continues this week, with with news out today that hackers infiltrated the Sony BMG Greece on May 5, and stole users’ personal data, some of which was then posted online this weekend.
News of the hack comes via Hacker News, which reports that an anonymous user, who goes by the name b4d_vipera, uploaded a database of user information to pastebin.com. The database includes the names and email addresses of people registered to the SonyMusic.gr website.
According to Naked Security‘s Chester Wisniewski, the hackers appear to have used an SQL injection tool to discover the flaw in Sony’s security. This type of hack is “not something that requires a particularly skillful attacker,” writes Wisniewski, “but simply the diligence to comb through Sony website after website until a security flaw is found.”
Sony has become the target of choice for hackers, who hope to expose the company’s security flaws. On Friday security researchers discovered a phishing attack site stored on Sony’s server, which was accessible through one of Sony’s Thailand websites. And only days before that, Sony was forced to shut down a number of its websites, including the password reset page for its crippled PlayStation Network.
All of this, of course, was preceded by two attacks on Sony’s PSN and Qirocity services, which resulted in a complete shutdown of the network, the theft of nearly 13 million credit cards, and the jeopardization of personal data of approximately 100 million users around the world.
Sony’s battle with hackers is likely far from over. As Wisniewski points out: “As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them.”
Users of SonyMusic.gr should reset their passwords as soon as possible. And, if you’re planning on joining a Sony service anytime soon, you might want to wait a little while, until this whole thing blows over.
