Sony Europe hacked by Lebanese hacker… Again

By my count this is unlucky hack number 13 for Sony. A Lebanese hacker known as Idahc dumped another user database at Sony Europe containing approximately 120 usernames, passwords (plain text), mobile phone numbers, work emails and website addresses.

The attacker claims that he used standard SQL injection techniques to acquire the database. I think it is fair to say it appears that Sony has not learned anything from the previous 12 attacks.

 

SQL injection flaw? Check. Plain text passwords? Check. People’s personally identifiable information totally unprotected? Check.

 

Idahc is the same attacker who targeted the Canadian Sony Ericsson site in May, 2011. In his note on pastebin he states: “I was Bored and I play the game of the year : ‘hacker vs Sony’.” He posted the link to pastebin with the simple note “Sony Hacked: pastebin.com/OMITTED lol.”

 

If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines I recommend you actually test your web applications for SQL vulnerabilities.

 

A great resource with detailed information on how to protect against SQL injection attacks is available at codeproject.com.

 

You can also download our free technical paper Securing Websites.

By Chester Wisniewski @ nakedsecurity.sophos.com

 

Protect Your Files Quickly and Easily By Sophos Free Encryption

Protect your confidential files

Securely sending or storing data can be tricky if you don’t have a robust security infrastructure. We make encryption easy for you with Sophos Free Encryption.

This free tool lets you secure your data easily and quickly without any central infrastructure in place. Individuals and businesses alike can easily protect selected files for email communication without building up a costly back-end PKI infrastructure.

Quick and easy encryption for all your data

• Sophos Free Encryption creates password-protected encrypted archives so you can share confidential data quickly and easily. Create or extract a secure archive simply by a right clicking on a file in Windows Explorer.
• The tool integrates with most email applications to automatically create a new message with the selected encrypted archive already attached.
• Sophos Free Encryption’s integrated compression efficiently packs the archive, saving time and money in data transfer costs.
• Features like the password vault, self-extracting archives and scripting for process automation simplify handling data.
• When used in combination with our flagship encryption product SafeGuard Enterprise, Sophos Free Encryption can use SafeGuard Enterprise’s keyring to handle passwords on archives.