Sony’s unprecedented spree of security breaches in the last two months may be finally cooling off, as profit- and attention-seeking hackers move on to other vulnerable targets. But it’s not quite over yet.
Over the weekend hackers announced that they had gained access to 177,000 emails through a SQL injection vulnerability on Sony Pictures’ French website. That’s the same sort of vulnerability intruders have used to breach Sony Pictures Russia, Sony Portugal, Sony Europe and Sony Ericsson Canada. And according to Attrition.org, a breach-focused website that has been closely counting the Sony attacks, this attack represents the 20th breach in just the 60 days since Sony announced that its PlayStation Network had been hacked sometime between the 17th and 19th of April.
The hackers responsible, an 18-year-old Lebanese computer science student who uses the handle Idahc and another French hacker who goes by the name Auth3ntiq, claim in their announcement that they exposed the site’s vulnerability as a proof-of-concept, though they include 70 users’ email addresses as a sample of the compromised data. “We are not black hats,” they write.
In an interview last week, Idahc told me he considers himself a grey-hat hacker who’s working to publicize Sony’s lax attitude toward security and push the company to fix its exposure of users’ data, although he has never directly contacted the company to help Sony fix its bugs. “I didn’t even publish all the information I had,” he wrote to me at the time. “It is not my goal to destroy. I want to help Sony.”
In one thin sign of good news for Sony, the attack comes 12 days after the company’s last breach, the longest interval since May and a sign that the Sony-hacking meme may be finally wearing thin for the hacker community.
Attrition.org notes that Sony’s stock ...