Hackers Go After Sony/BMG Greece. Yes, Greece.
Oy, it just gets better and better for Sony. Fresh off news that they took a major hit to the wallet thanks for the PSN outage and quake aftermath, now we get word of yet another hack of their apparently tissue-paper fragile networks. The latest victim can at least drown their sorrows in an Athenian nightclub; as reported by PC World, hackers employing a relatively simple automated SQL injection tool broke into is Sony/BMG Greece’s database and nabbed a ton of customer data.
That data includes “the usernames, real names and email addresses of users that registered with the site”, and has to feel like a humiliating blow. Sony has known for nearly 2 months about numerous vulnerabilities in their system, and as PS world points out, and automated SQL hack is kind of basic. The hack “was enabled by a SQL injection flaw that allowed the intruders to inject malicious code into the Greek Sony BMG site.” It’s astounding that Sony’s highly paid security consultants failed to catch this vulnerability, and further proof that something is not going right at the top of the global corporate behemoth.
There’s no report yet that financial data was also accessed, but even if Greek music lovers are spared that threat, Sony is suffering from a serious problem. This is the second such hack in less than a week, closely following Friday’s announced hack of So-Net. As always, we’ll keep you posted in case some other previously unknown Sony site also failed to update their security protocols.