Sony BMG Greece website hacked, user data revealed

By Andrew Couts May 23, 2011

Sony‘s nightmare continues this week, with with news out today that hackers infiltrated the Sony BMG Greece on May 5, and stole users’ personal data, some of which was then posted online this weekend.

News of the hack comes via Hacker News, which reports that an anonymous user, who goes by the name b4d_vipera, uploaded a database of user information to pastebin.com. The database includes the names and email addresses of people registered to the SonyMusic.gr website.

According to Naked Security‘s Chester Wisniewski, the hackers appear to have used an SQL injection tool to discover the flaw in Sony’s security. This type of hack is “not something that requires a particularly skillful attacker,” writes Wisniewski, “but simply the diligence to comb through Sony website after website until a security flaw is found.”

Sony has become the target of choice for hackers, who hope to expose the company’s security flaws. On Friday security researchers discovered a phishing attack site stored on Sony’s server, which was accessible through one of Sony’s Thailand websites. And only days before that, Sony was forced to shut down a number of its websites, including the password reset page for its crippled PlayStation Network.

All of this, of course, was preceded by two attacks on Sony’s PSN and Qirocity services, which resulted in a complete shutdown of the network, the theft of nearly 13 million credit cards, and the jeopardization of personal data of approximately 100 million users around the world.

Sony’s battle with hackers is likely far from over. As Wisniewski points out: “As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them.”

Users of SonyMusic.gr should reset their passwords as soon as possible. And, if you’re planning on joining a Sony service anytime soon, you might want to wait a little while, until this whole thing blows over.

Editors' Recommendations

Topics

Former Digital Trends Contributor

Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…

Computing

Sony executive describes PSN security breach as “a great experience”

tim schaaff

If you were a Sony executive being interviewed about April’s massive security breach which knocked offline 77 million PSN accounts for more than a month, cost the company somewhere in the region of $171 million and angered millions of users around the world, how might you describe the whole debacle?
“An embarrassing calamity,” perhaps? “A monumental month of misery,” possibly? Not so Tim Schaaff.
Schaaff, the president of Sony Network Entertainment, described it, somewhat surprisingly, as “a great experience.” The Sony executive was talking to VentureBeat’s Dylan Tweney on Wednesday at the MobileBeat conference in San Francisco.
According to PC Mag, Schaaff told Tweney that Sony had been “very, very pleasantly surprised by the experience.”
Regarding today’s much improved state of affairs, Schaaff said, “Everything's live again around the world, and the amazing thing through all of this is that the customers have all come back, and network performance is better than ever, sales are better than ever.”
The executive, who is no doubt feeling hugely relieved that the company has come through what was one of the most troubling episodes in its history, told Tweney: “We're in a place where we're really looking forward again to what's next, what's new, and how we can keep growing the network.” He continued: “It's a pretty crazy event that we went through but we survived, and we're back strong, and ready to go.”
Schaaff said that when the security breach first took place, the company thought “it was all about Sony, and what was Sony doing.” In the weeks following the attack, however, it became apparent that this wasn’t the case, as a number of other companies and government bodies also suffered at the hands of hackers.
Astonishingly, Schaaff described the whole episode as “a great experience.” That’s really saying something. We’re wondering what would’ve had to have happened for him to call it “pretty damn awful.”
Schaaff qualified his remark by saying, “I would not like to do it again. One time was enough. Great learning experience.”

Computing

New lawsuit hits Sony, says company ignored security warnings

Sony just can't catch a break. The company is being hit with another class action lawsuit over the Playstation Network breach in April.
The three men suing Sony say that the network problems centered around laid-off security employees. According to the documents, Sony knew that its security systems were ill-prepared for cyber attacks and this negligence led to the theft of customers' personal information as well as the month-long PSN blackout.
This new lawsuit was filed earlier this week in the San Diego US District Court and was brought forth by Jimmy Cortorreal, Felix Cortorreal and Jacques Daoud Jr. on behalf of themselves and others similarly situated v. Sony Corporation Inc. et al, No. 11-1369.
The suit, unearthed first by Reuters earlier today, says that Sony Online Entertainment laid off a substantial portion of the workforce just two weeks before the great PSN blackout. This included a bunch of employees in the Network Operations Center who are the ones responsible for resolving security breaches and keeping the security technology sharpened.
The three men also cite confidential witnesses who say that the customer data protection was inadequate. According to the documents, Sony was told repeatedly about security flaws and small-scale attacks before the big breach but the company chose to ignore these warnings.
The lawsuit casts Sony in quite a harsh light by saying, “Sony took numerous precautions and spent lavishly to secure its proprietary development server containing its own sensitive information … but recklessly declined to provide adequate protections for its Customers' Personal Information."
The lawsuit claims that after all these problems, there was little surprise when the security breach happened. The men are asking to be reimbursed for their consoles, network fees and more. The free downloads and apology don't seem to be enough.

Computing

LulzSec hacks Sonypictures.com, user data compromised

Hacker group LulzSec, responsible for the PBS hack earlier this week, promised it would soon strike Sony. Today, the hackers delivered. LulzSec claims to have infiltrated Sonypictures.com and accessed its user database. “We recently broke into Sonypicture.com and compromised over 1,000,000 users’ accounts, personal information, including passwords, e-mail addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts,” the group says.

LulzSec also defends its purposes, saying it simply wants to reveal Sony’s lack of care with such sensitive information. According to the statement, the hackers used an SQL injection to compromise the site. “Why do you put such faith in a company that allows itself to become open to these simple attacks?” they ask, saying that the data also wasn’t encrypted.