BreachExchange mailing list archives
Sony BMG Greece the latest hacked Sony site
From: AK <platsakos () gmail com>
Date: Mon, 23 May 2011 13:12:38 +0300
Greek Sony BMG site was reported hacked yesterday, with a partial dump of 8300+ users full names email addresses and (partial again) telephones appearing on pastebin. Given that not all details were mandatory, this somehow limits the impact of the breach but still, looking through the dump appearing in pastebin there are indeed accounts with all the details provided. Media coverage in http://nakedsecurity.sophos.com/2011/05/22/sony-bmg-greece-the-latest-hacked-sony-site/ In what seems to be a neverending nightmare it appears that the website of Sony BMG in Greece has been hacked and information dumped. An anonymous poster has uploaded a user database to pastebin.com, including the usernames, real names and email addresses of users registered on SonyMusic.gr. The data posted appears to be incomplete as it claims to include passwords, telephone numbers and other data that is either missing or bogus. [..] It appears someone used an automated SQL Injection tool to find this flaw. It's not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found.While it's cruel to kick someone while they're down, when this is over, Sony may end up being one of the most secure web assets on the net.If you are a user of SonyMusic.gr, it is highly recommended that you reset your password. Expect that any information you entered when creating your account may be in the hands of someone with malicious intent, and keep a close eye out for phishing attacks.The lesson I take away from this is similar to other stories we have published on data breaches. It would cost far less to perform thorough penetration tests than to suffer the loss of trust, fines, disclosure costs and loss of reputation these incidents have resulted in.Want to learn more about securing your web servers and databases? [...] Update: The editors of The Hacker News have contacted Naked Security and indicated they were the source of the post to pastebin.com. The original hackers had contacted them with the dump. -- What is the air-speed velocity of an unladen swallow? _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- Not so fast: Sony's PlayStation Network hacked again [Updated] security curmudgeon (May 18)
- Sony BMG Greece the latest hacked Sony site AK (May 23)