As if there’s a medal for hacking Sony branded websites, attackers are showing no sign of slowing down their onslaught against online properties of the Tokyo-based multinational corporation. This time around, user data was stolen from the Sony Music Entertainment Greece website — at www.sonymusic.gr.
According to Naked Security, it appears that the someone used an automated SQL injection tool to scan for flaws on Sony’s website. Its target was identified when a security issue was detected on SonyMusic.gr.
The hacker got away with user data containing user names, real names, and email addresses. Part of the database was uploaded to Pastebin.com anonymously.
Chester Wisniewski of Naked Security agrees with the saying “what doesn’t kill you makes you stronger.” “While it’s cruel to kick someone while they’re down, when this is over, Sony may end up being one of the most secure Web assets on the net.”
This has been a disaster-ridden year for Sony. The company had shut down at least six factories after Japan was hit by an 8.9 magnitude earthquake and tsunami. Its Web security nightmare started when Anonymous threatened to target the company in protest of its legal action against the hacker George Hotz. A series of successful attacks ensued, ranging from smaller scale attacks to the high-profile PSN breach, the second largest breach in history.
Whoever’s behind the attacks, they’ve cost Sony a whooping $170 million, as reported in the company’s earnings statement.
Previously projecting a return to profit, the company has now revised its estimates, expecting a $3.2 billion loss for the fiscal year ended March 2011.