According to a WallStreet report, So-net Entertainment Corp, an Internet service provider subsidiary of Sony Corp., said an online intruder accessed its customer rewards site earlier this week and stole customers’ redeemable gift points worth about $1,225.
Sony’s infamous hack on online gaming networks including PlayStation Network and Sony Online Entertainment has already become one of the biggest ever hacks ever. The latest hack is the only hack that has a direct financial component attached to it. The previous hacks that brought down PSN around 19th of April and impacted over 100 million users resulted in the outages of the two gaming networks for nearly a month and exposed user credit card details. However, there are no reports yet on any misuse of that data.
Security experts said there were not surprised the electronics company has yet to clean up weaknesses in its massive global network. Earlier this week, Sony shut down one of its websites set up to help millions of users change their passwords after finding a security flaw.
As for whether this latest hack is related, So-net’s Keisuke Watabe said, “Although we can’t completely rule out the possibility that there is a connection with the PSN issue, the likelihood is low.”
So-net sent a warning to its members yesterday saying that someone had tried to log in to the rewards site 10,000 times from the same IP address, and that the company thought the hacker might have had members’ usernames but no passwords. Therefore, he or she repeatedly tried automatically generated passwords until they worked.
When the dust settled, rewards points from 128 accounts with a total worth of just over $1,200 were redeemed. The Journal says that 73 additional accounts were accessed but had no points taken, and 90 So-net e-mail accounts were compromised as well. So-net claims that “there is no evidence that any personal data such as names, addresses, birth dates or phone numbers were viewed,” reports the Journal.
It’s becoming increasingly clear that Sony may have a company-wide security problem on its hands. It took Sony an eternity to get the PlayStation Network back up and running, but it didn’t take long before people noticed a vulnerability in the PSN’s login system. Sony’s response was to point out that the security hole was simply a vulnerability, not an actual hack.
F-Secure also noted that a phishing site “targeting an Italian credit card company” was found on one of Sony’s servers in Thailand. “Basically this means that Sony has been hacked, again,” says F-Secure’s post, which continues, “Although in this case the server is probably not very important.”
Sony has already accepted that it didn’t even have a Chief Information Security Officer and is NOW trying to create that position. That clearly shows the callous approach Sony has been taking towards security so far.