Details of three more data breaches afflicting Japanese electronics giant Sony have emerged, bringing the total number of major hacking incidents affecting the company to seven.
It emerged yesterday that the Greek website of Sony BMG, the company’s music division, fell victim to a SQL injection attack in the first week of May. A stolen database containing details of 8385 web users was posted to programmer website Hacker News on Sunday.
Two other incidents have emerged in recent dats. On Friday, security firm F-Secure announced that it had detected a breach of Sony’s systems, a phishing site running on a subdomain on Sony’s Thai homepage. The site was imitating the login portal of Italian credit card CartaSi in an effort to pick up customer details.
"We know you’re not supposed to kick somebody when they’re already down… but we just found a live phishing site running on one of Sony’s servers," said F-Secure in an announcement. Sony removed the page as soon as they were made aware of it by F-Secure.
And last Thursday, it was revealed that hackers managed to steal $1,225-worth of customer loyalty points from 128 accounts on Sony’s Japanese Internet service provider (ISP) subsidiary So-net Entertainment Corp. This breach occurred on May 16th and 17th.
The sequence of known events is now as follows:
– April 2nd: Anonymous begins denial of service attacks on Sony
– April 16th: Unrevealed hackers steal 25 million users’ personal details from Sony’s PC gaming network
– April 17th: Hackers steal 77 million users’ details from Sony’s Playstation Network
– May 5th: Sony BMG’s Greek users’ details hacked
– May 5th: Incomplete details of entrants to a 2001 Sony sweepstakes hacked
– May 16th/17th: $1,225 Sony points stolen from subsidiary ISP
– May 20th: Phishing site is discovered running on a Sony server
The frequency of these attacks highlights the vulnerability of data held on the web, remarked Chester Wisniewski, an advisor at UK security company Sophos. "It is nearly impossible to run a totally secure web presence, especially when you are the size of Sony. As long as it is popular within the hacker community to expose Sony’s flaws, we are likely to continue seeing successful attacks against them."
He added, though, that the attacks may well drive Sony to become one of the most secure companies on the web.