And the onslaught against Sony continues...
On Friday, Sony BMG Greece was hacked and the details of more than 8,000 users stolen. This week, Sony Music Japan and Sony Ericsson were the targets. In the attack against Sony’s Greek website, hackers supposedly used an automated SQL injection tool to find a flaw and obtain user information. Though that event took play on May 5, it seems Sony Music Japan has fallen victim to a similar attack.
Hacker News reports that a team calling itself LulzSec this week released a database of Sony Japan Music’s via a pastebin link posted to the team’s Twitter account. According to Sophos, this group of attackers also used a SQL injection but the database information obtained does not contain names, passwords or other personally identifiable information. The hackers say there are two other vulnerable databases but whether or not these contain sensitive user information is unknown.
The attack against Sony Music Japan is embarrassing, but unfortunately for Sony, it wasn’t the only attack to occur over the weekend; Sony Ericsson was also targeted by an intrusion and in this instance, the personal data of 2,000 Canadian Eshop customers was stolen. The company says passwords were encrypted and no credit card details were stolen. Nice as that is, the embarrassment factor is probably reaching almost unbearable levels for Sony.