Update: Sony Ericsson online store, Sony BMG Japan hacked
Attacks mount as hacker group says it looks to embarrass Sony
Computerworld - Sony Ericsson Canada today confirmed that it was hit by a security breach that allowed about 2,000 customer records, including first name, last name, email addresses and the hash of encrypted passwords to be illegally accessed.
No additional personal or credit card information was compromised, the company said in a statement to the IDG News Service this afternoon.
Earlier today, The Hacker News (THN) had reported that it received a tip from a Lebanese hacker who had breached the site and accessed email addresses, passwords and names of thousands of users of Ericsson's Eshop online store in Canada. The information was then posted on Pastebin.com.
The Ericsson breach is one of two reported today. According to THN, another group called LulzSec accessed a database used by Sony BMG Japan and posted its contents -- minus usernames and other personal information -- on Pastebin.com.
LulzSec also claimed to The Hacker News site that it has discovered more vulnerable Sony BMG databases. The news site posted links to two pages on Sony Music's Japanese Web site that it said contain the SQL injection vulnerabilities used to break into the Sony database.
Sony did not respond to requests for comment on the reported hacks.
Chester Wisniewski, senior advisor at security firm Sophos, said it isn't clear whether the hackers could inject data into the vulnerable Sony BMG Japan database or simply access its contents. "If they are able to alter the records, this could be used to insert malicious code that could be used to compromise people browsing the [Sony BMG Japan] site," Wisniewski wrote in a blog post today.
The latest attacks were said by The Hacker News to be enabled by SQL injection flaws on Sony websites.
THN editor Mohit Kumar told Computerworld in an email that Sony Pictures' site in Japan may have also fallen victim to a hacker attack, while another of the company's sites in Europe contains the same flaw that allowed hackers to break into the other Sony sites. That site has not been reported as being hacked, but hacker groups are actively discussing breaking into it, he claimed.
The recent breaches appear to be attempts to humiliate Sony.
"This isn't a 1337 h4x0r (elite hacker in Leetspeak)," LulzSec noted in a message posted on The Hacker News. "We just want to embarrass Sony some more. Can this be hack number 8? 7 and a half," the message noted in apparent reference to the series of recent intrusions at Sony.
Sony sites have been hacked several times in several weeks, which analysts say shows that the company's online networks are very porous.