As if a bad situation couldn’t get worse – news of another hacked Sony service hit the web today, this time the Greek Sony BMG site. The hack occurred May 5th, posting online the usernames, real names, and email addresses for registered SonyMusic.gr customers – but omitting passwords and telephone numbers (or posting incorrect information).
According to the Sophos blog Naked Security “It appears someone used an automated SQL injection tool to find this flaw. It’s not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found.”
The blog also talks about how it is virtually impossible to have a completely secure web presence, so as long as it’s “popular” to hack Sony’s sites, then people will probably continue to successfully do so. Later on, however, Sony is likely to have some of the most secure web assets on the internet.
Sony has already suffered a pretty sizable financial loss from the attacks, as well as likely a good amount of customers.
With all the successful attacks against Sony, are any of you who were previously Sony customers considering no longer working with the company?