Sony succumbs to another hack leaking 2,500 "old records"

Filed Under: Data loss, Featured, Podcast, Privacy, Vulnerability

Arcade photo courtesy of Sam Howzit's Flickr photostreamSony seems to be living a nightmare this week. In a statement made today to Reuters they acknowledged another Sony property had been attacked by malicious hackers and more data stolen and published.

Even more embarrassing was the fact that the stolen information was published on a Sony web server that reportedly is part of Sony Electronics.

The information disclosed contained names and partial addresses of Sony customers who had participated in a 2001 sweepstakes. Sony's comment is as follows:

"The website was out of date and inactive when discovered as part of the continued attacks on Sony,"

This appears to be a partial repeat of what they disclosed in their second statement acknowledging that Sony Online Entertainment had been compromised. "Don't worry it was old data on a forgotten server."

I spoke with John Moe from Marketplace Tech Report on National Public Radio (NPR) last Wednesday. We discussed how long most organizations keep this kind of information and whether there are any regulations requiring it to be protected or deleted. You can listen to it here:

(4 May 2011, duration 4:00 minutes, size 1.9MBytes)

In an organization as large as Sony the hackers targeting them may be able to continue to find low hanging fruit... Unpatched old equipment at any of the various Sony subsidiaries could continue to embarrass Sony publicly.

Meanwhile, Sony Playstation Network users are starting to get quite impatient as they await the return of the online gaming service.

In this case Sony is certainly doing the right thing. It is better to be offline and identify what must be done to return the service to a secure state than to simply turn it back on and allow attackers to target even more data.

Remember arcades? You can "chat" while competing and you even might see the sunshine when you leave the house. It will be okay gamers, soon enough you will be able to return to your couches.

Creative Commons image of an arcade courtesy of Sam Howzit's Flickr photostream.

, , ,

You might like

6 Responses to Sony succumbs to another hack leaking 2,500 "old records"

  1. FNG · 1203 days ago

    WTF!!! Knock it off. This is ridiculous. I will never leave Sony now. These a holes are going way to far and need to be tought a lesson. Who do they think they are. COWARDS!!!

  2. Paul · 1203 days ago

    As a former webmaster, I can't count how many times I reminded the marketing organization to take down their OLD sweepstakes and other promotional sites. The in-house hosted ones we could kill off ourselves, but the externally created and hosted properties were a nightmare. Many times we found contracts still in place 4 or 5 years later, and someone paying a bill to keep a long defunct site on-line with all of it's data still in-place.

  3. Dean Mears · 1203 days ago

    i want my money back for the playstation i bought my for my kids,
    it is now functioning at less than 50% of it's worth.
    what is the chances of getting anything back.

    .

  4. Why did software manfactures make their games so PSN dependant? Seems like everything goes through the PSN login process before you can get online. It's this restrictive thinking by Sony that got people motivated to get their PSNs on OtherOS and fueled the HomrBrew community. Why do I need to login into Sony's unsecured network to play CoD or BattleField? Let me play my games with out the Sony gateway

    • DIY_Woman · 1188 days ago

      Isn't that typical Sony? They always have the proprietary memory sticks, cell phone chargers, even the old "Beta" videotapes, etc. They seem to always be locking their customers into only one option.

      • Great Dane · 1052 days ago

        Sad but true because they have such great products that could stand on there own yet Sony has these self confidence issues, to where they seem to think the consumer won’t support their innovation so they make it all proprietary. They are close to innovation in my book as Apple (which is very proprietary) and yet they have fallen down on innovation that made them so great like pulling the PS3 software OS for IBM's multi tasking software.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.