Sony hacked again after the issue where 77 million Sony Playstation Network users were affected. It really seems like Japan is not having a good time. Apart from the old issue that just mentioned regarding the 77 million users, they were hit as well with the natural disasters, Tsunami and earthquake. Everyone would thought that Sony should be temporarily safe as they just got hacked, but no. Something Sony must had done to anger the hackers around to keep on penetrating their system.
How does Sony hacked again? Before confusing you any further, this time is not the Playstation Network got hacked, but it is the Sony music. The attacker managed to hack the Sony music web application via SQL injection. SQL injection is one of the most popular web application attack as it is easy to attack and it can cause a very severe damage. Although it will take some time to detect this vulnerability, but the outcome of attacking with SQL injection can be very rewarding. It actually hacked through two of the web pages as shown in the figure below.
This time around, perhaps the hacker is trying not to go so hard on Sony. Thus, the good news here is that, no sensitive information such as username, password or credit card information were stolen. However you can say that this round the attacker does not return home empty handed. They discovered that Sony actually had two more database which appeared to be vulnerable but the attacker still not be able to tell whether it contains sensitive information.
Hence, there is something we learned from Sony here is that we should separate the database to few more to confuse the hacker and let the hacker buy more time to hack your web application. However there is also something that we should not learn from their mistake is that they did not learn from previous mistake. I am suppose that once you are compromised once, you will take all the possible action to ensure that you are not able to be compromise again. Sony should have control the quality of their web application. In just less than a month or two, it is very embarrassing the company got hacked more than once. As I am not any Microsoft Xbox fanboy or any Sony PSN fanboy, I also do hope that this will be the last time Sony is hacked. They should really take the security issue seriously so that I will not repeat the headline of this post named after Sony Hacked Again.