The same Lebanese hacker who targeted Sony Europe on Friday has now dumped a database from Sony Portugal.
The hacker claims to be a grey hat, not a black hat, according to his post to pastebin.com.
"I am not a black hat to dump all the database I am Grey hat"
Instead of dumping the entire database like many previous Sony attackers, idahc only dumped the email addresses from one table in Sony’s database.
He claims to have discovered three different flaws on SonyMusic.pt, including SQL injection, XSS (cross-site scripting) and iFrame injection.
By my count, this is the 16th attack against Sony since the chaos came raining down on them in mid-April.
There were two other breaches on Monday by LulzSec, but I simply couldn’t bring myself to write about more Sony hacks.
LulzSec compromised the Sony Computer Entertainment devnet and downloaded the source code for SCE’s entire website, which they posted on BitTorrent.
In what LulzSec claimed as a separate hack, they also disclosed a complete network map detailing all of the Sony BMG internal systems.
In what I suppose you would call their press release, they stated:
"We've recently bought a copy of this great new game called "Hackers vs Sony", but we're unable to play it online due to PSN being obliterated."
The question that remains is whether Sony is reacting to this situation at all, or whether their strategy is simply to hope it goes away.
You would expect an organization with 170,000 employees and over $88 billion in revenue over the last 12 months to be able to round up the resources necessary to secure their web presence.
by Chester Wisniewski on June 9, 2011