OCCASIONALLY SECURE GAMING Sony has suffered at the hands of hackers, again.
Security firm Sophos reports that Sony, which lately has acquired a terrible reputation for this sort of thing, has been hacked through an SQL injection flaw, which of course has been exploited.
"Another day, another attack on Sony. I reported yesterday on the SQL injection attack exposing user information on SonyMusic.gr and today attackers have found flaws in SonyMusic.co.jp", wrote Chester Wisniewski, a senior security advisor at the firm.
He added that Sophos had been sent some information that documented the flaws, but explained that it did not appear that any personal, or sensitive information had been, or could be, exposed.
"The good news? The database information that was published does not contain names, passwords or other personally identifiable information," he added. "The attackers noted that there are two other databases on the site that are vulnerable and it remains unclear whether they contain sensitive information."
According to Wisniewski the attack has some of the same elements as the one that got into the US TV and media monster Fox Broadcasting's systems earlier this month.
"Known as Lulz Security, the group appears to attack sites primarily for fun and political reasons, not to steal credit cards and commit other types of fraud", he explained. "This doesn't change the criminality of their behavior. Accessing systems without authorisation is still a crime in most countries."
Whether or not it is particularly dangerous, the attack does kick more sand in Sony's face, while it's still on the ground.
Security firm Sophos reports that Sony, which lately has acquired a terrible reputation for this sort of thing, has been hacked through an SQL injection flaw, which of course has been exploited.
"Another day, another attack on Sony. I reported yesterday on the SQL injection attack exposing user information on SonyMusic.gr and today attackers have found flaws in SonyMusic.co.jp", wrote Chester Wisniewski, a senior security advisor at the firm.
He added that Sophos had been sent some information that documented the flaws, but explained that it did not appear that any personal, or sensitive information had been, or could be, exposed.
"The good news? The database information that was published does not contain names, passwords or other personally identifiable information," he added. "The attackers noted that there are two other databases on the site that are vulnerable and it remains unclear whether they contain sensitive information."
According to Wisniewski the attack has some of the same elements as the one that got into the US TV and media monster Fox Broadcasting's systems earlier this month.
"Known as Lulz Security, the group appears to attack sites primarily for fun and political reasons, not to steal credit cards and commit other types of fraud", he explained. "This doesn't change the criminality of their behavior. Accessing systems without authorisation is still a crime in most countries."
Whether or not it is particularly dangerous, the attack does kick more sand in Sony's face, while it's still on the ground.