Sony Ericsson acknowledges Canadian e-commerce site hacked


Sony has been hacked for the fifth time in four days. This time a vulnerability was discovered in the Canadian e-commerce site for their mobile phone division, Sony Ericsson.

The purported attacker, @idahc_hacker, describes himself as a "Lebanese grey hat hacker." Early this morning Pacific time in Canada he posted a database to pastebin.com containing password hashes, email addresses and full names.

@idahc_hacker is now claiming to have discovered additional databases besides the one he posted to pastebin that may contain credit card numbers, telephone numbers, discount coupons and the administrator's username and password.

I did some checking on the password hashes and they do not appear to be easily recovered MD5 or SHA1 hashes. Hopefully Sony has salted them to make it more difficult for them to be recovered.

A Sony Ericsson spokesperson, Ivette Lopez Sisniega, acknowledged the attack to Bob McMillan from IDG. She explained that "Sony Ericsson has disabled this e-commerce website."

SQL attack against Sony Ericsson

From a screenshot obtained from The Hacker News it is apparent that the SQL injection attack used to compromise the site was similar to the recent attacks on Sony sites in Greece and Japan.

This is the first time a partner company to Sony has been targeted in the ongoing attacks against their brand. Looking at the attacks over the past few weeks, it is clear that they are not being centrally coordinated; rather, they seem to be opportunistic attacks by those angry with Sony over the lawsuit against George Hotz.

Some have commented that this is nothing more than a thorough-but-free penetration test. It is nothing close to free... Sony's market cap is down over $2 billion on the New York Stock Exchange.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.