[ISN] Sony says hacker stole 2,000 records from Canadian site

From: InfoSec News <alerts_at_private>
Date: Wed, 25 May 2011 02:50:41 -0500 (CDT)

By Robert McMillan
IDG News Service
May 24, 2011

The problems keep coming for Sony. On Tuesday the company confirmed that 
someone had hacked into its website and stolen about 2,000 customer 
names and e-mail addresses.

Close to 1,000 of the records have already been posted online by a 
hacker calling himself Idahc, who says he's a "Lebanese grey-hat 
hacker." Idahc found a common Web programming error, called an SQL 
injection flaw, that allowed him to dig up the records on the Canadian 
version of the Official Sony Ericsson eShop, an online store for mobile 
phones and accessories.

The hacker got access to records for about 2,000 customers, including 
their names and e-mail addresses and a hashed version of users' 
passwords, said Ivette Lopez Sisniega, a Sony Ericsson Mobile 
Communications spokeswoman. "Sony Ericsson has disabled this e-commerce 
website," she said in an e-mail message. "We can confirm that this is a 
standalone website and it is not connected to Sony Ericsson servers."

Other than the names and e-mail addresses, no personal or banking 
information was compromised, she said.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Wed May 25 2011 - 00:50:41 PDT

This archive was generated by hypermail 2.2.0 : Wed May 25 2011 - 00:53:59 PDT