Hackers just can’t seem to leave Sony alone. Following the month-long PlayStation Network attack and more recent attacks on Sony’s Thailand and Japan sites, the company’s Greece music site has been attacked, reports security firm Sophos.
The site was apparently the victim of a simple SQL injection attack, which gave the hackers access to user data including usernames, passwords, real names, and email addresses. Evidence of the hack was uploaded to Pastebin.com by the blog The Hacker News.
This hack is slightly more severe than the attack on Sony’s Thailand site, which just redirected users to a phishing site. It’s more reminiscent of the PlayStation Network attack, where hackers were able to steal personal user data and credit card information — pretty much the worst-case scenario for any company.
At this point, it’s pretty clear that hackers are targeting all of Sony’s sites and services, no matter how obscure. Sony should anticipate this and have the security of all of its sites double and triple-checked. As Sophos points out, that will likely cost less than fixing exploits after the fact, not to mention dealing with the fallout of yet another security failure.
As with any hack, it’s recommended that users of Sony’s Greece music site change their passwords as soon as possible.