First, it was Sony BMG Greece and around 8000 personal information of customers was compromised, and now Sony Ericsson has messed it up again. More than 2000 customer information like e-mail addresses, passwords, and telephone numbers has been hacked showing the vulnerability of Sony Canadian e-commerce site.
SQL injection attacks
Idahca (Lebanese hacker Group) has hacked the database of ca.eshop.sonyericsson.com with a simple SQL injection. Fortunately, according to Sony, passwords taken were encrypted and no credit card details were lost. Well, that's what they say. According to the spokesperson, "Their personal information was posted on a website called 'The Hacker News'. The information includes registered names, email addresses and encrypted passwords. But it does not include credit card information," Sony Ericsson said. Sony Chairman Howard Stringer said in an interview last week that the attack was a "hiccup" in its Internet strategy and that "Nobody's system is 100 percent secure." That may be so, but some statements in the past have hinted that Sony was running outdated Web server software and had no firewall. With such known information, it is not a surprise Sony has become a play area for Hackers to test their strengths.
Hackers are moving slowly and surely targeting various business units of Sony, showcasing the vulnerability of Sony security, and it’s outdated software. Such focused attacks are compromising Sony’s image and its reputation, and the users are increasingly becoming frustrated. SQL injections were used in the latest attack too. SQL injection attacks are fairly basic attacks, taking advantage of programming mistakes. Hackers insert some database queries onto the Website. When the information is submitted, if the Website doesn't process the text properly, it will allow the malicious queries to execute on the database and return the results to the attacker. Such simple attempts are becoming successful, showcasing the lack of follow-ups and security checks by Sony. Hiring 3 security firms to investigate the attacks and to redeem its reputation, Sony is taking some steps in the positive direction, but with $ 171 million already spent, can Sony guarantee the safety of its customers' personal information? Companies like Sony (the giants in the consumer market) should take extra steps to safeguard customer information, as one expects more from such a reputable corporate. If such big giants are unsecure, it makes one wonder – is the web so unsecure to be in? It seems that with this constant attack on its web presence and the gaping holes shown up in its security system, when this debacle is over, Sony will emerge as a stronger and a more secure company if it takes the necessary steps to ensure its security—a sure relief for its customers!
Protect yourself from hackers by working behind a secure VPN with a strong firewall. Web is an intriguing place to be, but it loses out its charm when your information gets into the hands of strangers. Nobody likes some stranger to have access to their personal data. Buy VPN with firewall to stay anonymous, your precautionary steps will ensure your web security.