Report: Sony Music Greece, Indonesia hacked
Sony Music Greece was hacked with its user data published to the Web and Sony Music Indonesia's Web site was defaced, according to an online news report.
The attacks, if confirmed, would be just the latest in a series of security problems the company has had in the past month starting with a distributed denial-of-service attack by the loosely organized hacker group Anonymous in early April to protest Sony's taking PS3 hackers to court.
A Sony spokeswoman provided this statement via e-mail this evening: "There was an online tweet that one page of Sony Music Indonesia's Web site was altered and Sony Music Indonesia shut down the access to such page and started investigation. We are investigating the Sony Music Greece matter."
SonyMusic.gr was attacked with a SQL injection method and customer names, user names, and e-mail addresses of potentially more than 8,300 users were posted on Pastebin.com, The Hacker News reported on Sunday. It displayed a screen shot that said "hacked by b4d_vipera." The link to the Pastebin page was empty as of Monday morning.
Chester Wisniewski at Sophos included a snippet of redacted data from the Pastebin page on his Naked Security blog post and said that it appeared to be incomplete "as it claims to include passwords, telephone numbers and other data that is either missing or bogus."
The SonyMusic.gr site was down this morning. Users should reset their passwords when they can and be alert to the possibility of phishing attacks, Wisniewski wrote.
The Hacker News first reported the Sony Greece hack on Saturday, as well as reporting that the Sony Music Indonesia site had been defaced with a screenshot saying "defaced by k4L0ng666." The Indonesia site was accessible on Monday morning.
On Friday, The Wall Street Journal reported that someone broke into the network of Sony's Japanese ISP subsidiary, So-net Entertainment, compromised e-mail accounts and stole customer rewards points. Also late last week, Sony Thailand's site was hacked and being used for phishing, according to ZDNet UK.
However, the big Sony breach came in April when someone hacked into the PlayStation Network and exposed personal information from 77 million customer accounts. Shortly thereafter, the company said attackers may also have obtained data from close to 25 million Sony Online Entertainment accounts.
It's likely that the subsequent attacks are not all connected, but could instead indicate that attackers are testing Sony's network for weaknesses and exploiting confusion among Sony customers about security of their accounts.
Updated 5:26 p.m. PTwith Sony comment.