Skip the navigation

Update: Sony Ericsson online store, Sony BMG Japan hacked

Attacks mount as hacker group says it looks to embarrass Sony

May 24, 2011 05:01 PM ET

Computerworld - Sony Ericsson Canada today confirmed that it was hit by a security breach that allowed about 2,000 customer records, including first name, last name, email addresses and the hash of encrypted passwords to be illegally accessed.

No additional personal or credit card information was compromised, the company said in a statement to the IDG News Service this afternoon.

Earlier today, The Hacker News (THN) had reported that it received a tip from a Lebanese hacker who had breached the site and accessed email addresses, passwords and names of thousands of users of Ericsson's Eshop online store in Canada. The information was then posted on Pastebin.com.

The Ericsson breach is one of two reported today. According to THN, another group called LulzSec accessed a database used by Sony BMG Japan and posted its contents -- minus usernames and other personal information -- on Pastebin.com

Lulz Sec also claimed to the Hacker News site that it has discovered more vulnerable Sony BMG databases. The news site posted links to two pages on Sony Music's Japanese Web site that it said contain the SQL injection vulnerabilities used to break into the Sony database.

Sony did not respond to requests for comment on the reported hacks.

Chester Wisniewski, senior advisor at security firm Sophos, said it isn't clear whether the hackers could inject data into the vulnerable Sony BMG Japan database or simply access its contents. "If they are able to alter the records, this could be used to insert malicious code that could be used to compromise people browsing the [Sony BMG Japan] site," Wisniewski wrote in a blog post today.

The latest attacks were said by the Hacker News to be enabled by SQL injection flaws on Sony websites.

THN editor Mohit Kumar told Computerworld in an email that the Sony Pictures' site in Japan may have also fallen victim to a hacker attack, while another of the company's sites in Europe contains the same flaw that allowed hackers to break into the other Sony sites. That site has not been reported as being hacked, but hacker groups are actively discussing breaking into it, he claimed.

The recent breaches appear to be attempts to humiliate Sony.

"This isn't a 1337 h4x0r (elite hacker in Leetspeak)," Lulz Sec noted in a message posted on Hacker News. "We just want to embarrass Sony some more. Can this be hack number 8? 7 and a half," the message noted in apparent reference to the series of recent intrusions at Sony.

Sony sites have been hacked several times in several weeks, which analysts say shows that the company's online networks are very porous.



Our Commenting Policies