Hard on the heels of the multiple hacks of Sony sites and services in recent weeks – which some experts have said have cost the company around $130 million to remediate – Sony's Greek web portal was hacked yesterday, and the account details were reportedly posted online.
According to Sophos Canada's Chester Wisniewski, the hack does not appear to have been sophisticated and was carried out using an automated SQL injection tool that demands more patience than skill.
Whilst the data dump reveals the usernames, real names, and email addresses of registered SonyMusic.gr customers, other fields – apparently including passwords and telephone numbers – are either empty or contain false data.
Wisniewski observes that this suggests the hack was not entirely successful.
"As I mentioned in the Sophos Security Chet Chat 59 podcast at the beginning of the month, it is nearly impossible to run a totally secure web presence, especially when you are the size of Sony", he said in his latest security blog.
"As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them", he added.
Interestingly, Wisniewski observes that, whilst it's cruel to kick someone while they're down, Sony may end up being one of the most secure web assets on the net when this is over.
"The lesson I take away from this is similar to other stories we have published on data breaches. It would cost far less to perform thorough penetration tests than to suffer the loss of trust, fines, disclosure costs and loss of reputation these incidents have resulted in", he observed.