It’s official: Sony‘s hacker problems are never going away. After repeat attacks to its PlayStation Network over the past month, researchers from cyber security firm F-Secure have discovered a phishing attack site hosted on a Sony server. So yes, Sony has been hacked again. This time, however, the PSN is safe. But the previous hacks to it system appear to have left Sony’s entire online infrastructure vulnerable to attacks like this one.
The phishing site is accessed through a sub-domain of Sony’s Thailand website, hdworld.sony.co.th (do not visit). The attack site targets an Italian credit card company, Carta Si. Users of Google’s Chrome browser who try to access the site (for whatever dumb reason) will find that the site has already been flagged as malicious.
Phishing attack sites work by tricking people into entering in their login credentials and other private data into a fake website, which poses to be something legitimate. In this case, it’s a website, hosted on Sony’s servers, which is made to look like a credit card company. Anyone who foolishly enters their data into the phishing site will presumably face the wrath of whatever hacker decides to go on a spending spree on their dime (or euro, as the case may be).
Hopefully, researchers caught the phishing site before anyone fell for the ploy. Regardless, it would seem as though the damage is done for Sony, who has been under intense scrutiny since the April 19 hack of its servers, which led to the theft of nearly 13 million credit cards and left the personal data of as much as 100 million people around the world at risk.
Earlier this week, Sony was forced to shut down a number of websites, including the PlayStation Network password reset page, after hackers were using stolen credentials to infiltrate users’ accounts.It’s entirely possible — in fact, likely — that this most recent attack was made possible because of the increased vulnerability of Sony’s systems that is due to information stolen in the initial attacks.
So there you have it. Sony has been hit once again, and it probably won’t be the last time. Really, at this point, we just feel sorry for them.
- Pay-n-pray cybersecurity isn’t working. What if we just paid when it works?
- Critical MacOS Mojave vulnerability bypasses system security
- Earn up to $10,000 by squashing printer-based bugs in HP’s bounty program
- Homeland Security is worried about Gmail’s confidentiality mode
- Researchers hack John McAfee’s ‘unhackable’ Bitfi cryptocurrency wallet