On Tuesday, Sony Ericsson Canada's eShop, an online store for mobile phones and accessories, was breached, exposing the personal details of thousands of users. Sony Ericsson has disabled the website and claims it was not conncted to any Sony Ericsson servers.
"On 24 May, Sony Ericsson can confirm that it experienced a security breach of an externally hosted website in Canada," said a spokesperson. "As a result, approximately 2000 customer records, including first name, last name, email addresses and the hash of the encrypted passwords were obtained by an outside party.
"No additional personal or credit card details have been compromised."
This is the tenth known Sony hack since attacks against the Sony PlayStation Network and Qriocity online services in early April. According to The Hacker News, the personal details of a thousand users in Canada were exposed and posted not only on Pastebin, a storage ground for text files mostly used by programmers, but in users' Facebook and Twitter accounts. Lebanese hacker "Idahc" claimed responsibility for the attack.
Yesterday we reported that Sony Music Japan's site was breached through an SQL injection; on Sunday the personal details of users of the Sony Music Greece website were posted. Hackers also managed to infiltrate Sony's subsidiary ISP, So-net Entertainment Corp., and make off with around $1,225 in redeemable gift points; another hack launched a phishing site on one of Sony's servers in Thailand.
As a result, Sophos security consultant Chester Wisniewski recently wrote in a blog post that "there is an enormous target on Sony's back."