Exposing Sony’s security flaws is so in right now.
As everyone is well aware, it has been a rough month or so for Sony. Although Sony’s troubles began with original hacks by the group Anonymous months ago, it was the attack by a still unknown source on April 19th that opened the floodgates.
Sony was forced to take its PlayStation Network offline due to an “external intrusion” back in April. About a week later, Sony revealed that user information had been stolen. Although Sony has yet to officially declare the loss of credit card information in the PSN breach, many speculate that it was indeed compromised.
Earlier this month, Sony revealed that their computer gaming network, Sony Online Entertainment, was also compromised as part of the attacks on the PSN. In this case, not only was personal information taken, but debit records of Austrian, German and Spanish customers were also lost.
Just last week, Sony was forced to take down many log-in pages as it was discovered that hackers were able to change users’ passwords simply by possessing their usernames and dates of birth. Sony denied that this was a new “hack,” instead saying that it was a “URL exploit” that needed to be addressed.
Today we can tell you that the assault on Sony continues, as their BMG Greece music site has been hacked, and user information posted online.
A user database consisting of real names, usernames, email addresses and more of those registered on SonyMusic.gr has been uploaded to pastebin.com.
Someone has taken credit for the hack and subsequent information dump, as Hacker News details. The report says that the hacker used SQL injection methods and that the hack was successful in exposing 8385 users’ information.
It’s likely that these hacks against Sony’s various sites will continue, as long as Sony remains a top target of hackers. Naked Security blog makes a good point about the continued attacks:
It is nearly impossible to run a totally secure web presence, especially when you are the size of Sony. As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them.
While it’s cruel to kick someone while they’re down, when this is over, Sony may end up being one of the most secure web assets on the net.
What doesn’t kill you, I guess…
But what have the recent attacks cost Sony? Ponemon Institute has provided an infographic on the subject, complete with the real world cost of grandparents and grandchildren being unable to play Call of Duty with each other. Check it out: