In what is proving to be a tough run of bad news for Sony, the Greek web site for its Sony BMG record label has been hacked. An upload of sample extracts from a database of SonyMusic.gr. users' names and email addresses were posted onto pastebin.com by Hackers News Network. The information, with parts omitted in the post, was obtained in the hack, the site claims.
Sophos Senior Security Advisor Chester Wisniewski detailed the latest hack in the Sophos Naked Security blog, noting this most recent incident appears to be a case of hackers kicking someone when they are down. Sony has been plagued with bad press since it was first revealed in April that Sony's Playstation Network was breached and the personal data of millions of users was compromised.
Wisniewski said it appears someone used an automated SQL injection tool to find the flaw in the Greek site attack.
"It's not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony website after website until a security flaw is found," said Wisniewski. "If you are a user of SonyMusic.gr, it is highly recommended that you reset your password. Expect that any information you entered when creating your account may be in the hands of someone with malicious intent, and keep a close eye out for phishing attacks."