Another day, another attack on Sony. Just when you couldn’t imagine it getting any worse for Sony, a new attacks on the Sony Music Japan and Greece websites (SonyMusic.gr, SonyMusic.co.jp), exposing databases using SQL injection techniques. Sony has suffered from two hacks last month lead to compromising over 100 million accounts along with usernames, password, credit cards info.
The good news? The database information that was published does not contain names, passwords or other personally identifiable information. The attackers noted that there are two other databases on the site that are vulnerable and it remains unclear whether they contain sensitive information.
It isn’t clear whether the hackers are able to inject data into the database, or simply access the tables and records it contains. If they are able to alter the records, this could be used to insert malicious code that could be used to compromise people browsing the site.
While there is an enormous target on Sony’s back as a result of these very public attacks it is unclear why this is happening. Is Sony taking security seriously or are there simply so many flaws from the past that exist in their public facing sites that it will take them a long time to patch them all?
I hope this is the last time to report on a flaw at Sony. Sony has announced they are working with several professional organizations to get their security house in order and for their sake I hope this happens sooner rather than later.
[via nakedsecurity]