Another day, another hack on Sony database! Just a day after Sony Pictures came under attack by hacker group LulzSec, the company is reeling under yet another attack. The latest victim is Sony Europe.
A Lebanese hacker named Idahc has claimed that he breached Sony's Europe website and gained access to accounts of approximately 120 users.
The hacker broke into database of Application Store at Sony Europe http://apps.pro.sony.eu/, and obtained users' personal information like usernames, passwords, mobile phone numbers, emails, and websites.
Idahc has pasted the database on pastebin.com, a website where users can store text online, usually samples of source code, for public viewing for a short period of time.
Claiming responsibility for the attack, the hacker wrote on Pastebin, “Hello , Iam Idahc a Lebanese Hacker. I was Bored and I play the game of the year : “hacker vs Sony,” and “hacked little database of 120 user.”
Meanwhile, the link to Sony Europe's Application Store reads, “The website is currently undergoing scheduled maintenance and will be available shortly.”
Lebanese hacker's second attack on Sony
The name Idahc is not new to Sony. In fact, he is the same hacker who had attacked Sony Ericsson's eShop website, ca.eshop.sonyericsson.com, in Canada.
Idahc had stolen names and email addresses of about 2,000 customers and posted it on ‘The Hacker News,’ a rogue website.
Also, like the attack on Canada's website, Idahc has hacked the “little database of 120 user” on Sony Europe site “with an sql injection......”
Even, LulzSec attacked Sony Pictures with a SQL script injection, “one of the most primitive and common vulnerabilities.”
"If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines I recommend you actually test your web applications for SQL vulnerabilities."--Sophos' Chester Wisniewski
Sony fails to learn from previous hacks
The recent hack is the 13th attack on Sony's database, according to Sophos' Naked Security blog.
Though the Sony Europe attack is small compared to the two previous hacks that exposed personal information of nearly 100 millions users, Sony has failed to secure users' information.
Considering the number of attacks, and the methods used by hackers to breach users' data, it can be said that the consumer electronic giant Sony has not learned lessons from the previous 12 hacks.
Despite being attacked so many times, Sony continues to store the user passwords in plain text. Also, the SQL injection flaw still persists.
"If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines I recommend you actually test your web applications for SQL vulnerabilities,” stated Sophos' Chester Wisniewski.