Followers

May 24, 2011

Sony Music Japan hacked through SQL injection flaw

Another day, another attack on Sony. I reported yesterday on the SQL injection attack exposing user information on SonyMusic.gr and today attackers have found flaws in SonyMusic.co.jp.
The Hacker News sent us a tip this evening documenting a couple of vulnerable web pages on SonyMusic.co.jp that allowed hackers to access their contents through SQL injection.

The good news? The database information that was published does not contain names, passwords or other personally identifiable information. The attackers noted that there are two other databases on the site that are vulnerable and it remains unclear whether they contain sensitive information.
It isn't clear whether the hackers are able to inject data into the database, or simply access the tables and records it contains. If they are able to alter the records, this could be used to insert malicious code that could be used to compromise people browsing the site.
The attackers appear to be the same crew who targeted Fox.com earlier this month. Known as Lulz Security, the group appears to attack sites primarily for fun and political reasons, not to steal credit cards and commit other types of fraud.
This doesn't change the criminality of their behavior. Accessing systems without authorization is still a crime in most countries.
Will Sony stop the bleeding? The attackers stated in their message "This isn't a 1337 h4x0r, we just want to embarrass Sony some more."
While there is an enormous target on Sony's back as a result of these very public attacks it is unclear why this is happening. Is Sony taking security seriously or are there simply so many flaws from the past that exist in their public facing sites that it will take them a long time to patch them all?
I hope this is the last time I have to report on a flaw at Sony. Sony has announced they are working with several professional organizations to get their security house in order and for their sake I hope this happens sooner rather than later.

29 comments:

  1. If they just wanted to embarrass sony, imagine if they won't to destroy it o_o

    ReplyDelete
  2. Heh. I think they proved their point.

    ReplyDelete
  3. What is a 1337 h4x0r?

    ReplyDelete
  4. Wow. Again Sony? I don't know if they'll recover from this!

    ReplyDelete
  5. Hahaha very silly indeed. Keep 'em comin'.... XD

    ReplyDelete
  6. oh god.. when will they stop?

    ReplyDelete
  7. Sony is getting hacked from all angles. They just recorded a pretty substantial money loss. Hopefully they come out okay.

    ReplyDelete
  8. Sony is just getting hammered

    ReplyDelete
  9. These constant attacks are doing some serious damage.

    ReplyDelete
  10. Sony really has a lot of trouble this times, Playstation NOTwork... etc.

    ReplyDelete
  11. Poor Sony, after this consequences will never be the same

    ReplyDelete
  12. What is the problem with Sony?

    ReplyDelete
  13. Lol, Sony's getting hit HARD. If they weren't a large corporation I'd almost feel sorry...

    ReplyDelete
  14. man sony is getting attacked again. leave them alone

    ReplyDelete
  15. Damn sony security is a joke! ;D

    ReplyDelete
  16. Hah... Sony is getting hit after hit every time! That is funny to see though.

    ReplyDelete
  17. Wow, what security fail they had there!

    ReplyDelete
  18. This post excellently highlights what the author is trying to communicate. Nonetheless, the article has been framed excellently well and all credits to the author. For more information on how to load balance your web servers, please visit ..
    http://serverloadbalancing.biz/wordpressbiz/
    http://serverloadbalancing.info/wordpressinfo/

    ReplyDelete