Sony Loses Yet More Customer Records, 3 More Sites Hacked - Techist - Tech Forum

Go Back   Techist - Tech Forum > Techist Forum Information > News > Gaming
Click Here to Login
Closed Thread
Thread Tools Display Modes
Old 05-26-2011, 11:47 AM   #1 (permalink)
Destroyer of headlines
Megatron's Avatar
Join Date: Dec 2010
Location: Headlines
Posts: 629
Default Sony Loses Yet More Customer Records, 3 More Sites Hacked

Should Sony quit the internet?

It's almost unprecedented. We haven't seen something quite like this, since -- well, the days of the great Sony Corp. (6758) battery recall. It seems like every day there's a new Sony web property that's been compromised.

In recent weeks the company's two largest databases -- the PlayStation Network (PSN) database and the Sony Online Entertainment (SOE) database -- were fully compromised, multiple music sites/databases [1] [2] were compromised via SQL injection, $1,225 USD in points were stolen from a Sony ISP subsidiary, and Sony's servers were found to be hosting a malicious phishing page.

Now yet another attack has struck the befuddled company.

This time around hackers have struck Sony Ericsson’s Eshop online store for mobile phones in Canada, making off with 2,000 customer records. The records include names, email addresses and encrypted passwords, Sony wrote in a statement it released late yesterday.

Idahca, a Lebanese hacking group, has claimed responsibility in a Pastebin dump of user records for the attack. The hackers said that they could have gathered more sensitive details like credit cards, but declined to.

Sony sites in Thailand and Indonesia were also compromised, bringing the total of major breaches to 10 or possibly 11, based on our accounting. It appears that all of these sites were infiltrated using the same SQL injection attack route (affectionately nicknamed a "Little Bobby Tables" attack), which took down the Sony BMG Greece and Japan sites earlier this week. Sony appears to have done nothing effective to prevent its other sites, even after the earlier compromises.

Credit card information is stored on an e-commerce website, a standalone platform. This platform is separate from the servers on which the user database is found. Idahca's comments indicate that the group claims to have had access to the e-commerce servers as well. Sony has shut down both the user server and the e-commerce servers, while it tries to investigate the breach.

Phil Lieberman, CEO of online security consulting firm Lieberman Software, said Sony made a fatal mistake in the flagrantly hostile approach it took towards the hacking community, with regards to Linux on the Sony PlayStation 3 -- a use it initially promoted. He states, "Telling them to bring it on is not the best strategy. I think Sony is beginning to understand it horribly underinvested in security."

He said Sony's decision to sue beloved hardware hacker George "GeoHot" Hotz provoked "nuclear responses" from hackers. Sony's suit against GeoHot was particularly controversial as the company sought -- and was granted access by federal courts -- to GeoHot's personal Twitter, Facebook, Gmail, and other accounts -- seemingly a gross invasion of privacy.

Sony is confident it will pay only $2 USD per lost record from its various web properties. That's less than 1 percent of the average payout of $318 USD per lost record that was the average in 2010. And in recent years the cost of data lost has tended to increase by a factor of 1.5 each year. Clearly Sony is hoping for some sort of miracle to save it financially.

Sony also needs some sort of miracle to prevent more attacks. Even with plenty of forewarning, Sony still looks as inept as ever; utterly clueless at securing its online properties. The company clearly is lost as to what to do. Of course -- worst case scenario -- Sony could always quit the internet.

The company is currently facing returns of its products internationally and class action lawsuits from disgruntled former customers.

Megatron is offline  
Old 05-26-2011, 12:41 PM   #2 (permalink)
Grandfather of Techist

Trotter's Avatar
Join Date: Jan 2005
Location: The South
Posts: 31,385
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

It would be best if Sony would just quit now. This is beyond negligence on their part.


Antec 300 Illusion / Antec EarthWatts EA650 650W / ASUS GeForce GTX 960 GTX960-DC2OC-2GD5
AMD Ryzen 5 1600 x6 core / MSI B350 Gaming Plus
Samsung 970 EVO 250GB M.2 SSD / WD Blue SSD 250GB / WD Black 750GB / WD Green 1TB
2x4GB DDR4 2400 / Win10 Pro x64
Mionix Naos 7000 Mouse - CM Storm QuickFire Rapid Mech Keyboard

R.I.P. Danny L. Trotter ... 14 Nov 1945 - 4 Sept 2009
Trotter is offline  
Old 05-26-2011, 07:35 PM   #3 (permalink)
Build Guru
PP Mguire's Avatar
Join Date: Dec 2004
Location: Fort Worth, Texas
Posts: 28,953
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

BRB guys, Xbox Live time.
"Resolution is just a number." #Ubisoft
Origin/Steam = PP_Mguire Twitch = pp_mguire Instagram = ppmguire PSN = PP_Mguire

Access to my Plex PM me.
PP Mguire is online now  
Old 05-29-2011, 04:28 PM   #4 (permalink)
Super Techie
Pyrothrillah's Avatar
Join Date: Mar 2006
Location: South of you
Posts: 464
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

At this point, it's time to fire the security team for Sony.

Still, PS3>360
Follow My Twitch Stream
Buy Discounted PC Games and more!
Free Amazon Prime 30-Day Trial

New build as of 3/5/2014
Intel Core i7-4930K Ivy Bridge-E 3.4GHz
EVGA GeForce GTX 780 Ti
Corsair h100i Liquid CPU Cooler
G.SKILL RipJaws 16GB (2 x 8GB) DDR3 1600
ASUS Sabertooth X79 LGA 2011
Corsair 540 Case
Corsair AX850 Professional Series Modular PSU
Microsoft Windows 7 Home Premium SP1 64-bit for System Builders

<---- If you feel sorry for me, or either I helped you - throw me some rep :D
Pyrothrillah is offline  
Old 05-31-2011, 09:49 PM   #5 (permalink)
Master Techie
overlord20's Avatar
Join Date: Dec 2006
Location: spokomptan
Posts: 2,308
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

Don't start that Pyro...
overlord20 is offline  
Old 06-01-2011, 01:37 AM   #6 (permalink)
Lord Techie
Kharn's Avatar
Join Date: Feb 2007
Posts: 7,638
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

Originally Posted by overlord20 View Post
Don't start that Pyro...
Yes don't start that Pyro, I don't want to start dishing out dings the news area isn't for flame wars.

Now to the news story, I am a little shocked that sony has yet again has sprung a leak. One leak is a forgivable mistake can happen to anyone, but Two leaks are worrying and when number Three roles around you have a serious problem on your hands especially when your a company with a bigger bank balance than some country's who customers trust in.

What I propose Sony does is, perform a full code review of any network enabled services you have and also pay attention to IDS systems some times it's a false positive but it can and will save your bacon. This code review won't happen over night as I can just picture how much code they will have to review but it needs to be done sooner rather than later, I would also say in the case of the PS3 to not alienate the community developers like the guy who found a way of making it possible to run home brew games on it he and others like him would love the chance to help improve the service and make it more reliable and secure for users.
Visit this and do something for the world!

Want to do even more? Take a look here and join the fight on human trafficking.

Hear and you forget, see and you remember, do and you understand.

Kharn is offline  
Old 06-01-2011, 01:39 AM   #7 (permalink)
rustle rustle
35g700's Avatar
Join Date: Apr 2008
Location: Maine
Posts: 1,581
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

If I were a PS3 user I'd be demanding a refund for my PS3 at this point.
Core i7 8700K @ 4.8GHz - Asus Z370-E - Gigabyte GTX 970 - 16GB DDR4 3000MHz - 500GB Samsung 960 EVO - Windows 10 Pro x64
Mid 2014 Retina MacBook Pro 13.3" - 2.6GHz core i5 - 16GB DDR3 1600MHz - 128GB - macOS High Sierra
Sony PS3 & PS4 500GB || iPhone 6s 64GB iOS 11 || Sony a6000
35g700 is offline  
Old 06-01-2011, 02:10 AM   #8 (permalink)
Troll Patrol
JoshuaJay's Avatar
Join Date: May 2010
Location: Over the Rainbow
Posts: 295
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

Maybe if they stopped filing frivolous law suites against home brew modders then the entire hacker underground wouldn't be waging war with them.

As of now there has been no evidence of malicious use of the information stolen (to my knowledge). They are simply proving the age old Open Source point. And I say let them

Totally on the hackers side on this one.
'Music is a moral law. It gives soul to the universe, wings to the mind, flight to the imagination, and charm and gaiety to life and to everything.' - Plato
Please REP me if I help you!
JoshuaJay is offline  
Old 06-01-2011, 07:03 PM   #9 (permalink)
Junior Techie
Join Date: Apr 2011
Location: Wyoming, USA
Posts: 58
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

Maybe if people stopped outright violating EULA/ToS aggrements Sony wouldn't feel the need to stand up for themselves and THEIR technology. We buy it we don't get to disassemble. I can see the point if you want to have your way with it because you bought it. What you can't do is hack the PS3 and use PSN. If Geohotz had never signed into PSN he would have been in the clear but this was not the case. That was the solid evidence used against him in court. I also don't understand how anybody could be on the side of a hacking collection or indepents hackers that choose to alienate a customer base to prove their point. Supposedly the very base they are here to protect. The only thing that was wrong about that case IMO is the magistrate allowing the release of IP addresses. That is a clear violation of privacy, but on the other hand it has already been stated that no one should expect any amount of privacy concerning everything from IM's to Emails.

I suppose it is also cool that hackers are jacking into the DoD's developers systems as well. Would China do justice with some of our tech? I don't think so.
BloodyMercy is offline  
Old 06-02-2011, 12:56 PM   #10 (permalink)
Private Joker
carnageX's Avatar
Join Date: Feb 2007
Location: South Dakota
Posts: 24,558
Default Re: Sony Loses Yet More Customer Records, 3 More Sites Hacked

GeoHotz got in trouble for releasing the root key of the PS3 OS so that it could be modded...not for signing into PSN after modding his PS3. He posted instructions on his blog, and Sony didn't like that. Which, IMO, is BS.

And, those are different kind of hackers, dude... People that are attempting to hack into the DoD's system, are not the same kind of people that are trying to prove a point to a large corporation like Sony by taking their network down.

Laptop: MSI GT70 2OC-059us | i7-4700MQ | 16GB | GTX 770m | 500GB SSD / 750GB HDD | 17.3" | Win10 Pro
Desktop: 4690k | 12GB g.Skill RipJaws | GTX 970 | 520hx | Z87X-UD4H | Corsair Vengeance C70 | Corsair H110 | Acer 25" | Acer 22" | Win10
Mobile: Samsung Galaxy Note 5

If I help you, or you just like what I said, rep me by clicking the under my post
carnageX is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
US Treasury Web Sites Hacked, Serving Malware Osiris Viruses, Spyware and Malware 0 05-04-2010 08:07 AM
Millions of Customer Records Sold Osiris Viruses, Spyware and Malware 0 11-17-2009 04:54 PM
Sony Report: PlayStation Network Possibly Hacked Osiris Sony Playstation 1 03-28-2008 04:57 PM
Cant load ebay or Paypal sites.. All other sites OK TrukinDave HijackThis Logs (finished) 1 02-11-2007 09:47 PM

Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 03:05 PM.

Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2018, vBulletin Solutions, Inc.