If the cavalcade of recent Sony-related hacking incidents wasn't harming so many people around the world, maybe more could take a step back and laugh at the obvious irony of a multi-national corporation that had decided to actively and aggressively pursue PS3 hackers earlier this year subsequently having several branches of its business compromised by the very same.
As the saying goes, "when it rains, it pours." Sony BMG Greece - and its customers - are now all wet.
Cyber security blog Naked Security broke the news that Sony BMG Greece was hacked with an SQL injection tool and personal information pertaining to registered users - such as names and email addresses - has subsequently leaked online. The site elaborated that the content of the uploaded database was seemingly "incomplete," as it contained "missing or bogus" data. Even so, the SophosLabs-owned group suggested anyone with a Sony BMG Greece account should take precautionary measures.
"If you are a user of SonyMusic.gr, it is highly recommended that you reset your password," wrote Chester Wisniewski, Sophos Senior Security Adviser. "Expect that any information you entered when creating your account may be in the hands of someone with malicious intent, and keep a close eye out for phishing attacks."
The original data upload was reportedly the work of The Hacker News, whose editors told Naked Security they had received the information anonymously from the actual perpetrators.
Wisniewski believes there may be a silver lining to the recent Sony hackings that have many wondering if a company-wide online security policy is properly being enforced - or whether one exists at all.
"While it's cruel to kick someone while they're down, when this is over, Sony may end up being one of the most secure web assets on the net," said Wisniewski.
Sony, coming off a legal fight with NJ hacker George "GeoHot" Hotz and the nearly month-long outage of its PlayStation Network following a catastrophic data breach which compromised tens of millions of users' personal information, is not enjoying 2011 so far.
Last week, two different segments of its overall business were attacked in similarly different ways. Sony Thailand's public site inadvertently hosted a phishing scheme aimed at an Italian credit card company. Then, news came out that hackers had stolen $1,200 worth of rewards from over 100 customers of Sony-owned Japanese ISP So-net.
To bookend the bad news, a new fiscal forecast for the company predicts an earnings shortfall in 2011 as Sony could spend nearly 14 billion yen alone due to the PSN-crippling security breach in mid-April.
With that in mind, Wisniewski's free advice seems solid - especially in hindsight: "It would cost far less to perform thorough penetration tests than to suffer the loss of trust, fines, disclosure costs and loss of reputation these incidents have resulted in."
