Update: Sony Ericsson online store, Sony BMG Japan hacked

The biggest of these attacks by far happened in mid-April, when attackers broke into Sony's PlayStation Network and Sony Online Entertainment and compromised personal data of some 70 million account holders and another 12 million or so credit and debit card holders.

Those attacks caused Sony to take down PSN and SOE for several days while it worked with three external security firms to find and fix the security holes. About 10 days ago, Sony announced that it had fixed all problems with its PSN and SOE networks and partially restored those services.

Since then, there have been at least five publicly known hacks of Sony web sites around the world, including the two reported today. Two of the attacks were reported last week, while another one against Sony BMG Greece was reported yesterday.

According to Kumar, extracting Sony BMG Japan's database would have been "just a kid(s) game" for anyone using an automated SQL injection tool such as those used by penetration testers.

All that a would-be hacker would need to do is put one of the URL's into the SQL tool and have it analyzed, Kumar claimed. "The tool will extract whole database (sic) with one click," he said.

The important thing for Sony is to find and fix such vulnerable links quickly, Kumar said.

"Hacker News motive is to alert Sony this time," because several hacker groups are actively looking for ways to break into other Sony sites as well, he said.

"We can't stop hackers, but can alert Sony about holes in the rest of their sites," he said. "All these hackers (are) doing free of cost auditing for Sony. So Sony should take benefit from this" and secure its systems, Kumar said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Data breaches

• Microsoft brushes off claim Xbox Live accounts were compromised
• Twitter aims to become safer with two-step sign-in
• Yahoo Japan says 22 million user IDs may have been stolen
• Payment card processors hacked in $45 million fraud
• The Onion explains how its Twitter account was hacked
• Name.com forces customers to reset passwords following security breach
• Systems manager arrested for hacking former employer's network
• Dutch bill would give police hacking powers
• After hack, LivingSocial tells 50M users to reset passwords
• Amazon looks to move security appliances to the cloud

More in Data Security

Read more about Security in Computerworld's Security Topic Center.