Yet another hack directed towards Sony. Is anyone keeping count? According to Sopho’s Naked Security blog, a hacker was able to attain 120 usernames, passwords, phone numbers, work email addresses, and websites from a user database on Sony Europe’s website.
As PCWorld reports, a hacker named “Idahc” used a standard SQL injection attack to attain 120 usernames, passwords, phone numbers, email addresses, and websites from Sony Europe’s website and posted the sensitive information to pastebin. The passwords were apparently stored as a plain text within Sony’s database, which we all know to be a very big security issue.
The security firm Sophos recommended that sites test for SQL vulnerabilities. “If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines I recommend you actually test your web applications for SQL vulnerabilities.”
This Lebanese attacker has attacked before. He recently broke into Sony Ericsson’s Canadian e-commerce site via a SQL injection hack.
Sony just offered its PlayStation Network “Welcome Back” package for those who were affected via the outage as a result of a hack. Sony just can’t catch a break.Further reading: Security, Sony