Sony says hacker stole 2,000 records from Canadian site

A Lebanese hacker posted nearly 1,000 records online after the SQL injection attack

The problems keep coming for Sony. On Tuesday the company confirmed that someone had hacked into its website and stolen about 2,000 customer names and e-mail addresses.

Close to 1,000 of the records have already been posted online by a hacker calling himself Idahc, who says he's a "Lebanese grey-hat hacker." Idahc found a common Web programming error, called an SQL injection flaw, that allowed him to dig up the records on the Canadian version of the Official Sony Ericsson eShop, an online store for mobile phones and accessories.

The hacker got access to records for about 2,000 customers, including their names and e-mail addresses and a hashed version of users' passwords, said Ivette Lopez Sisniega, a Sony Ericsson Mobile Communications spokeswoman. "Sony Ericsson has disabled this e-commerce website," she said in an e-mail message. "We can confirm that this is a standalone website and it is not connected to Sony Ericsson servers."

Other than the names and e-mail addresses, no personal or banking information was compromised, she said.

Sony Ericsson is a mobile-phone company run jointly by Sony and Ericsson.

Sony has been under continual cyber-attack since April, when its PlayStation Network was hacked and then pulled offline. Over the past week Sony BMG Japan, Sony BMG Greece, the Sony-run So-net Internet service provider, and a company server in Thailand all have been compromised, in what's becoming a free-for-all online attack on anything belonging to Sony.

Earlier this year Sony raised the hackles of hackers by suing George Hotz, a well-respected hacking enthusiast, who'd found a way to break Sony's controls and install Linux on his PlayStation 3. Sony eventually settled with Hotz, but to many it came off as a bully in the affair.

Now, increasingly, Sony looks like a company where security was merely an afterthought.

Earlier this week, Sony said the attacks will cost it at least US$170 million.

Sony's continued problems reflect a cavalier attitude toward computer security, said Scott Borg, CEO of the U.S. Cyber Consequences Unit, a Washington-based think tank that studies cyber-attacks. "It's a pretty obvious conclusion that they weren't managing their security well," he said.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Tags intrusionSony Ericsson Mobile Communicationsconsumer electronicssecurityPhonesgamessony

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?