May 26, 2011, 10:14 AM — The real pwners of the networks that carry Sony's deeply smudged logo made a withdrawal of account information belonging to more than 2,000 users, Sony admitted yesterday.
This time it was the e-commerce portion of Sony Ericsson's Canadian site; hackers took emails, passwords and phone numbers, but no credit cards.
Sony closed down the e-commerce section of the site (with a lame joke based on a years-old cliche and colloquialism from a country on the opposite side of the world from the one that hosts the most recently victimized site).
Ldahc – who describes himself as a Lebanese gray-hat hacker, claims to be responsible for the hack, which he accomplished with a SQL injection, and posted some of the data on pastebin.com, a site that offers programmers and anyone else free temporary storage of text data. (It also asks, in particular, that users "do not paste email lists, password lists or personal information." I think ldahc violated that policy as well as Sony's.
"hackers vs Sony
He's right. Sony should shut down the of its sites and rebuild its security from the ground up.
The Sony attacks have gone way beyond the usual round of thrill-hacking pwnage, or even methodical commercial criminal cracking.
Its security is so bad and its vulnerabilities have been publicized so widely (among hackers, who knew about all this before we told you) that it has attracted copycats from around the world.
Not only did Canada get hit it also had to shut down its e-commerce shop in Indonesia because of one attack, and another in Thailand after it was penetrated and lost an email list to which the hackers have been sending phishing emails.
The Sony Canada hack came two days after the parent company estimated cost of the attacks would be $173 million – about 10 percent of the cost of the tsunami, earthquake and ongoing weather and power-related disaster recovery in Sony's native Japan.