Skip to main content

Sony hacked once again, phishing site found on server

Image used with permission by copyright holder

It’s official: Sony‘s hacker problems are never going away. After repeat attacks to its PlayStation Network over the past month, researchers from cyber security firm F-Secure have discovered a phishing attack site hosted on a Sony server. So yes, Sony has been hacked again. This time, however, the PSN is safe. But the previous hacks to it system appear to have left Sony’s entire online infrastructure vulnerable to attacks like this one.

The phishing site is accessed through a sub-domain of Sony’s Thailand website, hdworld.sony.co.th (do not visit). The attack site targets an Italian credit card company, Carta Si. Users of Google’s Chrome browser who try to access the site (for whatever dumb reason) will find that the site has already been flagged as malicious.

Phishing attack sites work by tricking people into entering in their login credentials and other private data into a fake website, which poses to be something legitimate. In this case, it’s a website, hosted on Sony’s servers, which is made to look like a credit card company. Anyone who foolishly enters their data into the phishing site will presumably face the wrath of whatever hacker decides to go on a spending spree on their dime (or euro, as the case may be).

Hopefully, researchers caught the phishing site before anyone fell for the ploy. Regardless, it would seem as though the damage is done for Sony, who has been under intense scrutiny since the April 19 hack of its servers, which led to the theft of nearly 13 million credit cards and left the personal data of as much as 100 million people around the world at risk.

Earlier this week, Sony was forced to shut down a number of websites, including the PlayStation Network password reset page, after hackers were using stolen credentials to infiltrate users’ accounts.It’s entirely possible — in fact, likely — that this most recent attack was made possible because of the increased vulnerability of Sony’s systems that is due to information stolen in the initial attacks.

So there you have it. Sony has been hit once again, and it probably won’t be the last time. Really, at this point, we just feel sorry for them.

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more