June 5th, 2011, 07:44 AM
Sony Europe Hacked: 150 Accounts Compromised
The thirteenth hack on a Sony database has been reported by Sophos' Naked Security blog, allegedly netting a single hacker 120 user names, passwords, mobile phone numbers, work emails, and websites from a user database on Sony Europe's site.
The attacker, dubbed "Idahc," claims to have used a standard SQL injection attack to get his hands on the database, which he promptly released to the world via Pastebin document. The passwords were allegedly stored as plain text within Sony's database, a pretty big no-no as far as the world of enterprise security is concerned.
"If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines I recommend you actually test your web applications for SQL vulnerabilities," wrote Sophos' Chester Wisniewski.
The pseudonym "Idahc" might sound familiar. It should: The Lebanese attacker is the same person who recently broke into Sony Ericsson's Canadian e-commerce site. This breach in a Sony site or server–the fifth, for those keeping score at home–was also the result of an SQL injection hack.
Full story: PC Magazine