Update: Sony Ericsson online store, Sony BMG Japan hacked
The biggest of these attacks by far happened in mid-April, when attackers broke into Sony's PlayStation Network and Sony Online Entertainment and compromised personal data of some 70 million account holders and another 12 million or so credit and debit card holders.
Those attacks caused Sony to take down PSN and SOE for several days while it worked with three external security firms to find and fix the security holes. About 10 days ago, Sony announced that it had fixed all problems with its PSN and SOE networks and partially restored those services.
Since then, there have been at least five publicly known hacks of Sony web sites around the world, including the two reported today. Two of the attacks were reported last week, while another one against Sony BMG Greece was reported yesterday.
According to Kumar, extracting Sony BMG Japan's database would have been "just a kid(s) game" for anyone using an automated SQL injection tool such as those used by penetration testers.
All that a would-be hacker would need to do is put one of the URLs into the SQL tool and have it analyzed, Kumar claimed. "The tool will extract whole database (sic) with one click," he said.
The important thing for Sony is to find and fix such vulnerable links quickly, Kumar said.
"Hacker News motive is to alert Sony this time," because several hacker groups are actively looking for ways to break into other Sony sites as well, he said.
"We can't stop hackers, but can alert Sony about holes in the rest of their sites," he said. "All these hackers (are) doing free of cost auditing for Sony. So Sony should take benefit from this" and secure its systems, Kumar said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is email@example.com.