This is becoming painful: After a handful of its international web properties were infiltrated, Sony admitted to an intrusion of its Canada e-shopping site, resulting in the loss of thousands of customer records. And now the plagued company can add Thailand’s Sony services users to its list of affected subscribers.
Yesterday morning we reported that Sony’s Japan music site had been hacked via an SQL injection, much like its Greece music site had been earlier this week. It has been confirmed that Sony Ericsson Canada had suffered the same fate at the hands of a “Lebanese grey-hat hacker” called Idahc. Unlike the previous attacks, Idahc was able to access Sony Canada’s online store and customer database and the company confirmed that some 2,000 account records have been compromised. “Sony Ericsson’s website in Canada, which advertises its products, has been hacked, affecting 2,000 people,” a Sony spokesperson told AFP.
According to Idahc’s Twitter, it’s a one-man operation and he was able to find an impressive amount of user information. Still, Sony continues to claim that while customer data was accessible, credit card information was not stolen: “The information includes registered names, email addresses, and encrypted passwords. But it does not include credit card information.” Idahc has also said he did not take advantage of this sensitive material – the motivation was exclusively to further embarrass Sony and its flailing state of security. He has, however, posted users’ names, account passwords, and e-mail addresses online.
Sony has also had to shut down services in Thailand as well. Bloomberg says the site experienced unauthorized intrusions and company spokesman Atsuo Omagari explains malicious code that could spam users via e-mail was found. Sony is investigating the suspicious activity.
If Sony is able to head off these advances and prevent further fallout for its Thailand site, it would be a first. Exposing holes in Sony’s security has become a game that hackers are winning – handily. To date, each incident has left Sony scrambling in its intruders dust, trying to clean up the damage only after its weak system protection has been exposed.
- Hacked Chrome extension disguised as legitimate version steals logins
- Hack affects 2 million T-Mobile customers, unclear if passwords included
- British Airways data hack hits 380,000 recent customers
- Was your Facebook account hacked in the latest breach? Here’s how to find out
- Attacker stole user data from Reddit through employee accounts