May 23, 2011 at 8:34 AM ET
The official website for Sony BMG Greece was hacked and its databases — which include some user data — were dumped onto the Internet.
Sophos reportsthat this latest Sony security incident put the usernames, real names, and email addresses of users registered on SonyMusic.gr at risk. The details of the hack were revealed when the individuals behind it contacted Hacker News with the extracted database.
An automated SQL injection tool appears to have been used for the attack, which is "not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found."
The hack is just one of many issues experienced by Sony in the recent weeks. First there was a massive security breach which forced the company to shut down the PlayStation Network, then there were difficulties in restoring the game service, then there was a security flaw in the PlayStation Network password reset feature, then a phishing site was discovered hidden on Sony's servers ... and now this.
In Sony's defense, Chester Wisniewsk — a senior security adviser at Sophos — remarks that "it is nearly impossible to run a totally secure Web presence, especially when you are the size of Sony. As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them."