Re: Sony succumbs to another hack leaking 2, 500 "old records"

[security curmudgeon <jericho () attrition org>]

The google search that lead to this disclosure:

http://www.google.com/search?q=site:products.sel.sony.com+filetype:xls

Sony Electronics Inc. - Credit Reference Service
Sony Electronics Inc.'s Credit Reference service is temporarily 
unavailable as we are performing routine maintenance on the site. ...
products.sel.sony.com/shared/santa/dbs/sweepstake.xls - Cached


On Sun, 8 May 2011, security curmudgeon wrote:

: 
: http://nakedsecurity.sophos.com/2011/05/07/sony-succumbs-to-another-hack-leaking-2500-old-records/
: 
: Sony succumbs to another hack leaking 2,500 "old records"
: by Chester Wisniewski
: May 7, 2011
: 
: Sony seems to be living a nightmare this week. In a statement made today to
: Reuters they acknowledged another Sony property had been attacked by malicious
: hackers and more data stolen and published.
: 
: Even more embarrassing was the fact that the stolen information was published
: on a Sony web server that reportedly is part of Sony Electronics.
: 
: The information disclosed contained names and partial addresses of Sony
: customers who had participated in a 2001 sweepstakes. Sony's comment is as
: follows:
: 
:     "The website was out of date and inactive when discovered as part of the
: continued attacks on Sony,"
: 
: This appears to be a partial repeat of what they disclosed in their second
: statement acknowledging that Sony Online Entertainment had been compromised.
: "Don't worry it was old data on a forgotten server."
: 
: [..]
: 
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/