There are only two possibilities — either Sony is truly incompetent in securing its Web properties as suggested by Anonymous, or hackers around the world are trying to make a name for themselves at Sony’s expense.
Right after the attacks on Sony Thailand, So-net and Sony BGM Greece, reports surfaced that three more company sites were hacked — namely Sony Music Japan, Canada Sony Ericsson eShop and Sony Music Indonesia.
Both Sony Music Japan and Sony Ericsson eShop were attacked in a fashion similar to that of Sony BGM Greece — through SQL injection flaws. The data obtained from the breach of Sony Music Japan didn’t contain any sensitive user information.
Lulz Security, the team responsible for the hack, made a point to add insult to Sony’s injury by saying, “This isn’t a 1337 h4x0r, we just want to embarrass Sony some more. Can this be hack number 8? 7 and a half?!” Then its punch: “Stupid Sony, so very stupid.”
The hacker of Canada Sony Ericsson eShop wasn’t showing much mercy either. Calling himself a Lebanese grey hat hacker, Idahc posted the names, e-mail addresses and hashed passwords of close to a 1,000 users. “I hacked the database of ca.eshop.sonyericsson.com with a simple sql injection (LOL),” he wrote. “Hackers vs Sony, we are the winner.”
Sony Ericsson has since disabled the e-commerce website according to a company spokeswoman.
On the other hand, Sony Music Indonesia isn’t as badly bruised as its cousins. Its website was altered by the intruder, but no user data was stolen. It’s now back online.
It seems that “will Sony be hacked again?” isn’t the right question. The right one is “which Sony site will be targeted next?” We’ll see.