Sony Hit By Second SQL Hack Of The Week
Under-siege technology giant Sony has fallen victim to yet another hacking attack, this time reportedly by a Lebanese hacker.
The culprit, known by the handle ‘Idahc’, compromised a Sony Europe Application Store database of usernames, passwords, mobile phone numbers and corporate email addresses, according to Sophos Canada senior security advisor Chester Wisniewski.
Idahc is claiming to have used standard SQL injection techniques to compromise the database and post the details of some 120 users online.
“Hello, I am Idahc a Lebanese hacker,” he wrote on the posting to Pastebin. “I was bored and I play the game of the year: hacker vs Sony.”
This is the 12th or 13th time Sony has been hacked in quick succession.
I think it is fair to say Sony has not learned anything from the previous 12 attacks,” said Wisneiwski.
“SQL injection flaw? Check. Plain text passwords? Check. People’s personally identifiable information totally unprotected? Check.”
Idahc was responsible for a hack on Sony Ericsson’s Canadian site in May and, while there appears to be limited malicious intent on his part, the details could be exploited by those with more pecuniary motives.
Earlier this week, Sony Pictures was apparently compromised by an SQL injection attack by a hacking group known as LulzSec, which said it obtained the account details of over one million users.
“If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines, I recommend you actually test your web applications for SQL vulnerabilities,” said Wisniewski.
Post a reply
You must be logged in to post a comment.