The official website for Sony BMG Greece was hacked and its databases — which include some user data — were dumped onto the Internet.
Sophos reports that this latest Sony security incident put the usernames, real names, and email addresses of users registered on SonyMusic.gr at risk. The details of the hack were revealed when the individuals behind it contacted Hacker News with the extracted database.
An automated SQL injection tool appears to have been used for the attack, which is "not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found."
A phishing site was found on the Sony server, they are still not fully operational, and now this. This has truly crossed the line into the land of inexcusable failure. Sony may not ever fully recover from this. At this point, I'm not sure I want them to. They are surely under a microscope now, but their security is looking like a total loss.
Posts
No comments:
Post a Comment