Skip the navigation

Update: Sony Ericsson online store, Sony BMG Japan hacked

May 24, 2011 05:01 PM ET

The biggest of these attacks by far happened in mid-April, when attackers broke into Sony's PlayStation Network and Sony Online Entertainment and compromised personal data of some 70 million account holders and another 12 million or so credit and debit card holders.

Those attacks caused Sony to take down PSN and SOE for several days while it worked with three external security firms to find and fix the security holes. About 10 days ago, Sony announced that it had fixed all problems with its PSN and SOE networks and partially restored those services.

Since then, there have been at least five publicly known hacks of Sony web sites around the world, including the two reported today. Two of the attacks were reported last week, while another one against Sony BMG Greece was reported yesterday.

According to Kumar, extracting Sony BMG Japan's database would have been "just a kid(s) game" for anyone using an automated SQL injection tool such as those used by penetration testers.

All that a would-be hacker would need to do is put one of the URL's into the SQL tool and have it analyzed, Kumar claimed. "The tool will extract whole database (sic) with one click," he said.

The important thing for Sony is to find and fix such vulnerable links quickly, Kumar said.

"Hacker News motive is to alert Sony this time," because several hacker groups are actively looking for ways to break into other Sony sites as well, he said.

"We can't stop hackers, but can alert Sony about holes in the rest of their sites," he said. "All these hackers (are) doing free of cost auditing for Sony. So Sony should take benefit from this" and secure its systems, Kumar said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at Twitter@jaivijayan, or subscribe to Jaikumar's RSS feed Vijayan RSS. His e-mail address is jvijayan@computerworld.com.

Read more about Security in Computerworld's Security Topic Center.



Our Commenting Policies