Oh Look, Sony Hacked Again, Site Used For Phishing

from the count-the-hacks dept

Mon, May 23rd 2011 4:43am — Mike Masnick

Late on Friday, the news came out that Sony had been hacked yet again, and this time the hacked site was being used for phishing. This was totally unrelated to the PlayStation Network hacks, but involved a website for Sony Thailand. Still, given all the trouble Sony has had lately keeping its systems secure, this seems to just add another layer to the stack of questions about Sony's technical competence.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: hack, phishing, thailand
Companies: sony

26 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 23 May 2011 @ 4:54am

Gotta keep their series of tubes more secure than that.
[ link to this | view in chronology ]
- Anonymous Coward, 23 May 2011 @ 7:09am
  
  Re:
  Sony getting hacked is now old news, nobody cares anymore, we take for granted that they will get hacked at least once a week now. Boring. Techdirt needs to stop reporting this already.
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 May 2011 @ 7:10am
    
    Re: Re:
    (It's cluttering up his blog).
    [ link to this | view in chronology ]
Capitalist Lion Tamer (profile), 23 May 2011 @ 4:59am

Sony's bold new plan
Open source personal data.
[ link to this | view in chronology ]
- Greevar (profile), 23 May 2011 @ 9:39am
  
  Re: Sony's bold new plan
  Maybe this is how we get the government to make good on their promise of "transparency"?
  [ link to this | view in chronology ]
That Anonymous Coward, 23 May 2011 @ 5:06am

Oh and after "securing" their network, and all of the bad PR as it kept expanding... they fell victim to a SQL injection attack on yet another one of their sites.
Oh and it seems they had a habit of not encrypting passwords and such... best security practices are for other companies I guess.
This time the lucky site was Sony Music in Greece.
source -
http://it.slashdot.org/story/11/05/23/0237224/Sony-Music-Greece-Falls-To-Hackers
[ link to this | view in chronology ]
- Anonymous Coward, 23 May 2011 @ 5:38am
  
  Re:
  This is just bad...SQL injection is very very preventable, it just shows extreme apathy.
  [ link to this | view in chronology ]
arcan, 23 May 2011 @ 5:50am

ya know they eventually just gonna find that some Microsoft employee did this particular hack just so they can laugh at Sony's insecurity system more
[ link to this | view in chronology ]
- Dark Helmet (profile), 23 May 2011 @ 5:58am
  
  Re:
  "ya know they eventually just gonna find that some Microsoft employee did this particular hack just so they can laugh at Sony's insecurity system more"
  
  Yeah, it was obviously a conspiracy theory. The SQL injection was fired from the Grassy Node....
  [ link to this | view in chronology ]
  - Anonymous Coward, 23 May 2011 @ 6:09am
    
    Re: Re:
    Grassy node -- heh heh heh
    [ link to this | view in chronology ]
  - The eejit (profile), 23 May 2011 @ 6:20am
    
    Re: Re:
    Which one? MiT, or Silicon Valley?
    [ link to this | view in chronology ]
  - Greg G (profile), 23 May 2011 @ 6:35am
    
    Re: Re:
    WTF? There was a 2nd injector??
    [ link to this | view in chronology ]
    - Dark Helmet (profile), 23 May 2011 @ 6:48am
      
      Re: Re: Re:
      Of course there was. Look at the attack that actually went through. You can see how the network traffic all of the sudden shapes back and to the left....back and to the left....back and to the left....
      [ link to this | view in chronology ]
      - harbingerofdoom (profile), 23 May 2011 @ 8:10am
        
        Re: Re: Re: Re:
        you damn conspiracy theorists...
        
        everyone knows it was anon using a old outdated and slow loic from the 6th floor of the data center.
        
        just accept the 'official' story they want you to accept already would ya?
        [ link to this | view in chronology ]
        
        Dark Helmet (profile), 23 May 2011 @ 8:32am
        
        Re: Re: Re: Re: Re:
        I'm pretty sure it was Zero Cool with a bolt-action Xerox mouse...
        [ link to this | view in chronology ]
        
        Anonymous Coward, 23 May 2011 @ 11:11am
        
        Re: Re: Re: Re: Re: Re:
        the dpi is low, no way they could have clicked attack in that kind of succession, not even a trained army IT professionals have that kind of click speed. Someone was definitely on the grassy node.
        [ link to this | view in chronology ]
        
        harbingerofdoom (profile), 23 May 2011 @ 2:50pm
        
        Re: Re: Re: Re: Re: Re: Re:
        look, just because you 'think' you may have seen a puff of ethernet near the default gateway behind the grassy node doesnt mean its evidence of anything...
        [ link to this | view in chronology ]
      - Chronno S. Trigger (profile), 23 May 2011 @ 8:23am
        
        Re: Re: Re: Re:
        But wasn't it proven that the jet of information would force the server in the direction of the ping's origin?
        [ link to this | view in chronology ]
Di Fiasco, 23 May 2011 @ 6:44am

Quote Scotty: "I know this ship like the back of my..(CLUNK)"
[ link to this | view in chronology ]
- Niall (profile), 24 May 2011 @ 6:37am
  
  Re:
  Which is one reason that movie is considered apocryphal at best (and apo-crap-ful normally).
  [ link to this | view in chronology ]
Anonymous Coward, 23 May 2011 @ 7:05am

Sony Spokesperson to audience: "I can assure you that our security has been corrected. You can rest assured that your personal data is now secure."

*Receives a note from staff. Looks at note and quietly mumbles angrily to self, briefly looks at crowd, gives a short smile, and angrily stomps away in a hurry.
[ link to this | view in chronology ]
Thanatossassin (profile), 23 May 2011 @ 8:05am

Sony didn't want to pay top dollar for Network Security, It's really as simple as that. These aren't problems Executives Project Managers should ever have to worry about, unless they're being cheap with IT or have an incompetent HR staff, which also may be a result of being cheap.

Spend the money, protect your investments, make some jobs, keep hacking. Wash, rinse, repeat.
[ link to this | view in chronology ]
- That Anonymous Coward, 23 May 2011 @ 8:22am
  
  Re:
  No the people up on high believe that they are protected from these sorts of things.
  They cut away department budgets to get a bonus, and when this happens they start screaming at the 1 guy left in the system security department.
  Sadly that guy is someones nephew who knew how to make a MySpace account so he knew everything about computers.
  
  As this did not hurt their paychecks directly, its a nonissue. Its the same thought pattern that we saw when the housing bubble popped. As long as I am getting paid, who cares how the sausage is made.
  [ link to this | view in chronology ]
Anonymous Coward, 23 May 2011 @ 9:11am

My dream is that the online Internet presents of Sony is destroyed.
That they are forced into chapter 7 and liquidated.
[ link to this | view in chronology ]
TechnoMage (profile), 23 May 2011 @ 10:46am

UGH
First thing you learn to do when securing a PHP/etc website is to block SQL injections... FIRST THING... I mean ... ABSOLUTE FIRST... maybe after using a firewall, and not using plain text passwords... but it isn't like SONY would fail at any of these 3..........

UGH... the stupidity hurts my head
[ link to this | view in chronology ]
HrilL, 23 May 2011 @ 11:29am

I guess paybacks a bitch
Hmm not that all the data breaches are related to the PS3 hack and Geo hatz. I do think it has the possibility. Sony got information on everyone that put money into his defense fund. This likely pissed people off. Sure seems like Sony's lost way more money and respect than if they would have just kept the Linux support for the PS3. Though I do think they should have been using actual security when it comes to storing customer data. Wonder if anything else Sony related will be hacked. Looks like the can of worms has been opened.
[ link to this | view in chronology ]