Another attack leaks Sony customer details

Sony customers continue to be the victims of a war between the company and enraged hackers who believe their rights are being trampled upon, with Sony BMG's Greek site the latest to fall to an attack.

Personal details of users registered to the site have been downloaded by attackers unknown and published in the public domain via a text-sharing site. While credit card details are not included and some of the data is corrupt or incomplete, the real names, user names, and e-mail addresses of more than 8,000 user accounts are included in the dump.

While a major embarrassment for the company, which has become something of a target for hacktivists, crackers, and assorted ne'er-do-wells, the impact of the attack is lessened by the fact that passwords, although included in the dump, are either encrypted or corrupted - helping to prevent account theft.

Sony's woes started around the time it removed the Other OS functionality - which allowed third-party operating systems such as Linux to be installed alongside the default OS - from its PlayStation 3 console, leading to a variety of hackers attempting to restore the missing feature.

When a group succeeded in doing so, exploiting a hole in Sony's implementation of a digital restrictions management system in the console, it led rapidly to the creation of custom firmware for the playing of illegitimately downloaded games - and Sony responded with lawsuits against those who created the firmware, those who discovered the hole, and even those who merely discussed the existence of the security flaw.

Once the lawyers were involved, Sony became a high-profile target - and attackers succeeded in penetrating the company's security to download personal information on millions of its customers, including credit card details.

With Sony refusing to back down from its hardline stance against those who create custom firmware for the PS3, who argue that they've bought the console and can do as they like with it, attacks of this nature are likely to continue.

"It is nearly impossible to run a totally secure web presence, especially when you are the size of Sony," security researcher Chester Wisniewski of Sophos claimed in a statement on this most recent attack. "As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them.

"While it's cruel to kick someone while they're down, when this is over, Sony may end up being one of the most secure web assets on the net," Wisniewski further suggested - although that is likely to be of little comfort to those whose details are leaked during the ongoing attacks.