This is the third attack after the Sony Thailand website was hacked last Friday, May 20, less than a month after the Sony PlayStation Network was hacked.
“In what seems to be a never-ending nightmare it appears that the website of Sony BMG in Greece has been hacked and information dumped. An anonymous poster has uploaded a user database to pastebin.com, including the usernames, real names and email addresses of users registered on SonyMusic.gr,” Sophos senior security adviser Chester Wisniewski said in a blog post Monday (Manila time).
He said the data appeared to be incomplete as it claims to include passwords, telephone numbers and other data that are either missing or bogus.
Also, he said the attacker may have used an automated SQL injection tool to find the flaw in the site.
Wisniewski recommended that users of SonyMusic.gr reset their passwords, and expect that any information they entered when creating their account may be in the hands of someone with malicious intent.
“Keep a close eye out for phishing attacks,” he added.
What was needed was not a particularly skillful attack but “simply the diligence to comb through Sony website after website until a security flaw is found,” according to Sophos.
On the other hand, Wisniewski noted it is nearly impossible to run a totally secure web presence, especially for a firm the size of Sony.
“As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them,” he said.
“While it’s cruel to kick someone while they’re down, when this is over, Sony may end up being one of the most secure web assets on the net,” he added.
Wisniewski said the lesson from the attack is for the company to perform thorough penetration tests of its website, which, he said, is far less costly than suffering the loss of trust, fines, disclosure costs and loss of reputation these incidents have resulted in. — MRT/VS, GMA News
Source: GMA News
About the Contributor:
A self-confessed blogger minus the coffee. He maximizes his skills in consultancy, project management and professional networking, and is very active in conceptualizing things. To date, he has conducted several IT / Information Security events, which have been his passion since 2007. He currently works as a Technical Support Specialist at a local company.
ROOTCON is managed by like-minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.