The Sony Corporation, still reeling from attacks against the PlayStation and Online Entertainment networks, has been stung yet again by two more network breach events at the hands of unknown attackers.
So-net Entertainment, a Japanese Internet service provider and subsidiary of Sony, was the victim of a network breach last week, and the attackers are reported to have stolen about $1200 in customer reward points as well as gained access to over 200 customer accounts and 90 email accounts.
"Although we can't completely rule out the possibility that there is a connection with the PSN issue, the likelihood is low," So-net Entertainment spokesman Keisuke Watabe said.
Meanwhile, Sony BMG Greece was the target of a SQL injection attack which may have exposed the usernames and email addresses of SonyMusic.gr account holders. The attackers reportedly contacted The Hacker News and presented evidence of an extracted customer database.
The unauthorised access events are part of a series of network attacks suffered by Sony over the last two months.
In late April, Sony announced that the company's PlayStation network servers had been hacked, exposing the records of more than 70 million customers. During the course of the investigation, Sony discovered that the company's Online Entertainment network had also been compromised, exposing another 25 million customer records.
The breaches forced Sony to shut down both the PSN and Online Entertainment networks. Sony has since been the subject of a great deal of criticism regarding the company's delay in notifying authorities and customers of the exposure of account details, as well as for alleged security lapses leading to the breach.
The attacks were precipitated by a distributed denial of service (DDoS) attack in early April, dubbed "OpSony", orchestrated by the rogue movement Anonymous. A press release that announced the attack indicated it is in retaliation for recent "legal actions against fellow Internet citizens GeoHot and Graf_Chokolo."
George "Geohot" Hotz is responsible for the well publicized "jailbreak" of Sony's PlayStation3, which allows non-approved software to run on the gaming system, and Alexander "Graf_Chokolo" Egorenkov drew the ire of Sony for his work in enabling the PS3 to run the Linux operating system.
One has to wonder if the message being sent by the wave of criminal hacks against Sony are meant to be a warning to any company who might pursue legal options in support of their products or copyrights: Your systems may be the next to come under attack.
"It is nearly impossible to run a totally secure Web presence, especially when you are the size of Sony. As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them," Sophos senior security advisor Chester Wisniewski said.