Another day, another Sony hack. In what is turning into a daily event for the famous electronics company, another one of its many consumer sites has been hacked, but it luckily looks like it may not have been an overly malicious one this time around.
According to Naked Security, the latest attack was carried out on the Sony Music Japan site via an SQL injection, the same method that was used in the hack on the Greek Sony BMG site that came to light yesterday. This attack was apparently carried out by a group that calls itself Lulz Security which is known for hacking sites for fun and political reasons, and never with an intent of carrying out any fraud.
The hacker group did post how they had done it on two different databases, and listed that at least two more were vulnerable to attack. They did not, however, post any sort of personal information such as usernames, passwords or real names, so it does appear this particular intrusion was strictly for “fun.”
Due to the sheer volume of sites Sony runs there are bound to be more security holes out there, and to the company’s credit, they are bringing on outside security firms to help them do reviews, but my gut tells me this is not the last we’re going to hear of some Sony site being hacked. When you’re a company of this size with sites everywhere and years of legacy code running, it’s easy to overlook an update or a patch on some server in the back corner of the room. Don’t get me wrong, it’s their job to do this stuff, and they should have everything updated, but I’m just saying I’m not all that surprised that these issues keep cropping up.
What do you think? Is this issue unique to Sony, or are they just everyone’s current favorite target?
[via Naked Security]