Just weeks after PlayStation’s network breach, a Lebanese hacker group (Idaho) boasts of breaking into Sony’s shopping database at ca.eshop.sonyericsson.com/ with a “simple sql injection.” Users’ names, user names, credit card information and passwords from this e-shop were released in a massive dump on their Facebook and Twitter pages, advising the unscrupulous to access the information contained in the dump in a text file on pastebin. The website is down right now, but just imagine how many thousands of people have used this particular website to make their Sony shopping experience more convenient.
But they aren’t the only ones to hit the hacker games hard this week. LulzSec hacked into Sony’s Japanese website database and released the information they found there. This group of hackers may be in it for the “fun,” but they are not joking around with who they attack, as they also take credit for hacking into the Fox.com login database, including emails and passwords. LulzSec also hacked and leaked pointless ATM information.
Customers aren’t the only ones that now doubt the security of Sony’s databases, websites and PlayStation Live systems. According to a recent report by PC Magazine, Sony will be testifying at an upcoming House of Representatives privacy hearing, after refusing to do so just months ago.
What does Sony have to say? Kazuo Hirai, the chairman of Sony Computer Entertainment, claims in an interview with PC Magazine: “As yet, we do not know who was responsible for the intrusion; nor do we know precisely the amount of information that was taken; nor do we know with certainty the number of users whose data was actually affected,” Hirai wrote. “These gaps in what we know are not for lack of trying by experts, but rather an unfortunate testament to the skill of those who perpetrated the attacks. Some aspects of the intrusion may never be known. To date, however, there is no evidence that credit card information was taken.”
According to The Hacker News, this makes 10 breaches of Sony’s security systems in just a couple of months, making not Play Station but hack station the name of the game when it comes to Sony products. And this is a game. Now it’s a hot topic, and the hotter it gets, the more hackers want to try their hand at it to see if they can do bigger and better each time they access the system.
Why would hackers be so interested in Sony? Is it really that it’s a “hot topic” and they are going for bragging rights? That could be part of it, but unfortunately Sony may have brought some of this trouble on themselves when they challenged hackers recently and sued a popular hardware hacker.
In DailyTech Magazine, Phil Lieberman, CEO of online security consulting firm Lieberman Software, said Sony made a fatal mistake in the flagrantly hostile approach it took towards the hacking community, with regards to Linux on the Sony PlayStation 3 — a use it initially promoted. He states, “Telling them to bring it on is not the best strategy. I think Sony is beginning to understand it horribly underinvested in security.”
He said Sony’s decision to sue beloved hardware hacker George “GeoHot” Hotz provoked “nuclear responses” from hackers. Sony’s suit against GeoHot was particularly controversial as the company sought — and was granted access by federal courts — to GeoHot’s personal Twitter, Facebook, Gmail, and other accounts — seemingly a gross invasion of privacy.
Maybe it’s simply a matter of Sony being “cheap,” since some claim that Sony is “confident it will pay only $2 USD per lost record from its various web properties. That’s less than 1 percent of the average payout of $318 USD per lost record that was the average in 2010.”
Whatever the case, 10 or 11 recent breaches in security do not make customers happy. Unhappy customers end up creating unhappy shareholders. Maybe they should reconsider what exactly those “lost records” translate to in more than dollars and cents.