{"id":1650,"date":"2011-06-06T10:05:07","date_gmt":"2011-06-06T03:05:07","guid":{"rendered":"http:\/\/deepquest.code511.com\/blog\/2011\/06\/06\/sony-hit-by-second-sql-hack-of-the-week\/"},"modified":"2011-06-06T23:41:41","modified_gmt":"2011-06-06T16:41:41","slug":"sony-hit-by-second-sql-hack-of-the-week","status":"publish","type":"post","link":"https:\/\/deepquest.code511.com\/blog\/2011\/06\/sony-hit-by-second-sql-hack-of-the-week\/","title":{"rendered":"Sony Hit By Second SQL Hack Of The Week"},"content":{"rendered":"<p>Under-siege technology giant Sony has fallen victim to yet another hacking attack, this time reportedly by a Lebanese hacker.<\/p>\n<p>The culprit, known by the handle &#8216;Idahc&#8217;, compromised a Sony Europe Application Store database of usernames, passwords, mobile phone numbers and corporate email addresses, according to <a href=\"http:\/\/nakedsecurity.sophos.com\/2011\/06\/04\/sony-europe-hacked-by-lebanese-hacker-again\/\">Sophos Canada senior security advisor Chester Wisniewski<\/a>.<\/p>\n<p>Idahc is claiming to have used standard SQL injection techniques to compromise the database and post the details of some 120 users online.<\/p>\n<p>&#8220;Hello, I am Idahc a Lebanese hacker,&#8221; he wrote on the posting to Pastebin. &#8220;I was bored and I play the game of the year: hacker vs Sony.&#8221;<\/p>\n<p>This is the 12th or 13th time Sony has been hacked in quick succession.<\/p>\n<p><!--more--><\/p>\n<p>&#8220;I think it is fair to say Sony has not learned anything from the previous 12 attacks,&#8221; said Wisniewski.<\/p>\n<p>&#8220;SQL injection flaw? Check. Plain text passwords? Check. 
People&#8217;s personally identifiable information totally unprotected? Check.&#8221;<\/p>\n<p>Idahc was responsible for a hack on Sony Ericsson&#8217;s Canadian site in May and, while there appears to be limited malicious intent on his part, the details could be exploited by those with more pecuniary motives.<\/p>\n<p>Earlier this week, Sony Pictures was apparently compromised by an\u00a0<a href=\"http:\/\/www.v3.co.uk\/v3-uk\/news\/2076227\/sony-pictures-admits-lulzsec-attack-targeting-law-enforcement\">SQL injection attack by a hacking group known as LulzSec<\/a>, which said it obtained the account details of over one million users.<\/p>\n<p>&#8220;If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines, I recommend you actually test your web applications for SQL vulnerabilities,&#8221; said Wisniewski.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Under-siege technology giant Sony has fallen victim to yet another hacking attack, this time reportedly by a Lebanese hacker. 
The culprit, known by the handle &#8216;Idahc&#8217;, compromised a Sony Europe&#8230;<\/p>\n","protected":false},"author":439,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1650","post","type-post","status-publish","format-standard","hentry","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4bBYZ-qC","_links":{"self":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/1650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/users\/439"}],"replies":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/comments?post=1650"}],"version-history":[{"count":2,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/1650\/revisions"}],"predecessor-version":[{"id":1735,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/1650\/revisions\/1735"}],"wp:attachment":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/media?parent=1650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/categories?post=1650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\
/wp\/v2\/tags?post=1650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}