Sony is no doubt facing a lot of flack over its security procedures, and this latest hack isn’t going to make things even better. Hack number 13 – yes, you have heard that right – comes to by a Lebanese hacker known as Idahc with another user database dump containing 120 usernames, passwords, work emails and mobile numbers.
According to Sophos’ Naked Security blog, the attacker claims that he used a standard SQL injection to acquire data from Sony Europe’s website – and apparently, all the data is in plain text, not encrypted or hashed. Idahc is no stranger in hacking Sony, as he also targeted Sony Ericsson’s Canadian site.
The large number of security problems from Sony can be attributed to one thing – the fact that it does not a consolidated web team for the entire company. Each individual department of Sony (Sony Pictures, Sony Computer Entertainment, Sony Music, etc) and their region sites all have their own web team – and therefore all have different security settings.
In other words, Sony Europe’s security on its server does not necessarily mean that Sony Australia is using it.
However, while having individual arms does mean that each site is unique in advertising its products to a certain market – Sony should at least adopt the same high level of security.