Another Sony site hacked

Sony Portugal gets hit by the same hacker who went after the PlayStation creator last Friday.

Hacker

Another hacker has hit Sony following a string of attempts on the PlayStation creator.

This time a Lebanese hacker known as idahc the same person who went after Sony Europe last Friday dumped email addresses from a Sony Portugal database to prove they had infiltrated the website.

The hacker claimed on Pastebin they had discovered three different flaws on SonyMusic.pt, including SQL injection, cross-site scripting and iFrame injection vulnerabilities.

"The question that remains is whether Sony is reacting to this situation at all, or whether their strategy is simply to hope it goes away," said Chester Wisniewski, senior security advisor at Sophos Canada, in a blog post.

"You would expect an organisation with 170,000 employees and over $88 billion in revenue over the last 12 months to be able to round up the resources necessary to secure their web presence."

At the time of publication, Sony had not responded to a request for additional information on the hack.

Earlier this week, hacking group LulzSec claimed it had broken into Sony's computer systems and posted the results online.

Sony has been pulverised by hackers in recent months, following the significant breaches in April, which saw the company's PlayStation Network shut down.

During this week's E3 2011 gaming conference, Sony yet again apologised for the PlayStation Network outages.

Despite the criticism it has received for its security practices, some in the industry have come forward to defend the entertainment giant.

"It's easy to forget that very large organisations with different geographies and business units cannot move quickly when it comes to something as difficult as improving security across all of the internet gateways and applications that it runs," said Neil Campbell, global general manager for security at Dimension Data.

"Good security takes time to build and needs to be constantly reviewed and updated to ensure robustness to the new challenges that inevitably arise."

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020
Sophos warns customers of potential data leak
Security

Sophos warns customers of potential data leak

26 Nov 2020
Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron
Security

Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron

26 Nov 2020
Egregor ransomware could take up where Maze left off
Security

Egregor ransomware could take up where Maze left off

26 Nov 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020