Skip to main content

Sony BMG Greece website hacked, user data revealed

sony-logo-largeSony‘s nightmare continues this week, with with news out today that hackers infiltrated the Sony BMG Greece on May 5, and stole users’ personal data, some of which was then posted online this weekend.

News of the hack comes via Hacker News, which reports that an anonymous user, who goes by the name b4d_vipera, uploaded a database of user information to pastebin.com. The database includes the names and email addresses of people registered to the SonyMusic.gr website.

According to Naked Security‘s Chester Wisniewski, the hackers appear to have used an SQL injection tool to discover the flaw in Sony’s security. This type of hack is “not something that requires a particularly skillful attacker,” writes Wisniewski, “but simply the diligence to comb through Sony website after website until a security flaw is found.”

Sony has become the target of choice for hackers, who hope to expose the company’s security flaws. On Friday security researchers discovered a phishing attack site stored on Sony’s server, which was accessible through one of Sony’s Thailand websites. And only days before that, Sony was forced to shut down a number of its websites, including the password reset page for its crippled PlayStation Network.

All of this, of course, was preceded by two attacks on Sony’s PSN and Qirocity services, which resulted in a complete shutdown of the network, the theft of nearly 13 million credit cards, and the jeopardization of personal data of approximately 100 million users around the world.

Sony’s battle with hackers is likely far from over. As Wisniewski points out: “As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them.”

Users of SonyMusic.gr should reset their passwords as soon as possible. And, if you’re planning on joining a Sony service anytime soon, you might want to wait a little while, until this whole thing blows over.

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more