Latest Sony Hack Targets Japan Music Site

This is getting a little ridiculous. Analysts have discovered yet another flaw on Sony's network, this time via Sony Music Japan.

"The Hacker News sent us a tip this evening documenting a couple of vulnerable Web pages on SonyMusic.co.jp that allowed hackers to access their contents through SQL injection," Chester Wisniewski with Sophos wrote in a blog post.

On the plus side, the data in the database does not include names, passwords, or other personally identifiable information. There are, however, two databases on the site and it's not clear whether they have sensitive information, Wisniewski said.

"It isn't clear whether the hackers are able to inject data into the database, or simply access the tables and records it contains. If they are able to alter the records, this could be used to insert malicious code that could be used to compromise people browsing the site," he wrote.

Who is behind this attack? Wisniewski speculated that the attackers "appear to be the same crew who targeted Fox.com earlier this month." That group is known as Lulz Security, and the good news is that they usually attack for fun, "not to steal credit cards and commit other types of fraud," he said. They were pretty clear in their message: "We just want to embarrass Sony some more."

This, of course, is just the latest security snafu for Sony. A Sony site in Greece was reportedly hacked in early May. Hackers also managed to infiltrate Sony's subsidiary ISP, So-net Entertainment Corp., and make off with around $1,225 in redeemable gift points; another hack launched a phishing site on one of Sony's servers. Not to mention the massive hack that took down the PlayStation Network and Sony Online Entertainment.

As a result, Wisniewski acknowledged that "there is an enormous target on Sony's back."

"I hope this is the last time I have to report on a flaw at Sony. Sony has announced they are working with several professional organizations to get their security house in order and for their sake I hope this happens sooner rather than later," he concluded.

Sony said Monday that the effects of the Japan earthquake and tax provisions will drag the company into a $3.18 billion loss for its 2011 fiscal year. Costs from the PlayStation Network hack are expected to total $171 million, the company said.

About Our Expert

Chloe Albanesius

Executive Editor, News

My Experience

I started out covering tech policy in DC for The National Journal, where my beat included state-level tech news and all the congressional hearings and FCC meetings I could handle. I later covered Wall Street trading tech before switching gears to consumer tech. I now lead PCMag's news coverage.

My Areas of Expertise

Getting my start in DC means I still have a soft spot for tech policy; Congressional hearings can sometimes be as entertaining as a Bravo reality show, for better or worse. But PCMag is all about the technology we use every day, as well as keeping an eye out for the trends that will shape the industry in the years ahead (or flop on arrival). I've covered the rise of social media, the iOS vs. Android wars, the cord-cutting revolution that's now left us with hefty streaming bills, and the effort to stuff artificial intelligence into every product you could imagine. This job has taken me to CES in Vegas (one too many times), IFA in Berlin, and MWC in Barcelona. I also drove a Tesla 1,000 miles out west as part of our Best Mobile Networks project. Of late, my focus is on our hard-working team of reporters at PCMag, guiding and editing their robust coverage.

Read the latest from Chloe Albanesius

Read full bio