So-net hack adds to the list of hacks and data leakages from Sony

According to a WallStreet report, So-net Entertainment Corp, an Internet service provider subsidiary of Sony Corp., said an online intruder accessed its customer rewards site earlier this week and stole customers’ redeemable gift points worth about $1,225.

Sony’s infamous hack on online gaming networks including PlayStation Network and Sony Online Entertainment has already become one of the biggest ever hacks ever. The latest hack is the only hack that has a direct financial component attached to it. The previous hacks that brought down PSN around 19th of April and impacted over 100 million users resulted in the outages of the two gaming networks for nearly a month and exposed user credit card details. However, there are no reports yet on any misuse of that data.

Security experts said there were not surprised the electronics company has yet to clean up weaknesses in its massive global network. Earlier this week, Sony shut down one of its websites set up to help millions of users change their passwords after finding a security flaw.

As for whether this latest hack is related, So-net’s Keisuke Watabe said, “Although we can’t completely rule out the possibility that there is a connection with the PSN issue, the likelihood is low.”

So-net sent a warning to its members yesterday saying that someone had tried to log in to the rewards site 10,000 times from the same IP address, and that the company thought the hacker might have had members’ usernames but no passwords. Therefore, he or she repeatedly tried automatically generated passwords until they worked.

When the dust settled, rewards points from 128 accounts with a total worth of just over $1,200 were redeemed. The Journal says that 73 additional accounts were accessed but had no points taken, and 90 So-net e-mail accounts were compromised as well. So-net claims that “there is no evidence that any personal data such as names, addresses, birth dates or phone numbers were viewed,” reports the Journal.

It’s becoming increasingly clear that Sony may have a company-wide security problem on its hands. It took Sony an eternity to get the PlayStation Network back up and running, but it didn’t take long before people noticed a vulnerability in the PSN’s login system. Sony’s response was to point out that the security hole was simply a vulnerability, not an actual hack.

F-Secure  also noted that a phishing site “targeting an Italian credit card company” was found on one of Sony’s servers in Thailand. “Basically this means that Sony has been hacked, again,” says F-Secure’s post, which continues, “Although in this case the server is probably not very important.”

Sony has already accepted that it didn’t even have a Chief Information Security Officer and is NOW trying to create that position. That clearly shows the callous approach Sony has been taking towards security so far.

Sony shut PSN without informing users

While everyone’s trying to guess who brought down Sony’s PlayStation Network and many blame the hacktivist group Anonymous for the same, Sony has has finally made another hopelessly detailed but a little more informed statement (than the previous one) after about 50 hours of outage. According to Sony, “an external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th.”

What’s shocking to see is that Sony shut down PSN on its own in order to investigate the attacks but didn’t see the importance of informing its users who were going crazy waiting to see PSN back and running. Many of them are swearing against Anonymous and other hackers who they feel are responsible for the attacks. Defending its position against the attacks, Anonymous made a public statement yesterday denying any involvement with the PSN outage.

There are more than 600 comments of Sony PSN blogs with some blaming Sony for not being able to handle the crisis situation others blaming the possible hackers behind it as everyone’s craving to get back to some serious gaming.

Here are a few of the comments:

• Sony if you need Russian IT security guys from Canada to investigate call me this is a big call
• I was really looking forward to playing some Portal 2 co-op, but I guess I’ll just finish up the single player campaign. I guess I could also get the last three trophies I need to get the platinum in inFamous.
• With the PSN being down, we can’t even sign into our Qriocity accounts. 😦 If this continues on, I hope they give us paying members complimentary free time for our premium subscriptions. (I’m just hoping for a matching/fair amount of compensation time for the paid service; it’ll make up for the significant downtime.)
• The PSN was hacked. Not by Anonymous. It was made so that the hackers were adding funds to peoples wallets and allowing games to downloaded for free. Sony took the whole system down themselves, all of their game servers which allowed items to be purchased in order to fix the security hole. Some people will find that when the servers do come back up, they are missing items they purchased, money in the wallet is gone or added etc, just my guesstimation…because 2-3 days down means they need to find the exact time this issue occurred to roll back store transactions.
• So was it anonymous or Skynet?
• Wow horrible PR for real. All you got to say? ETA, anything else? If i was gettin paid $100,000 + a year, i would update the community with more then a sentence or two every few days.

This is perhaps the worst crisis management shown by a Japanese company.

Anonymous officially denies involvement in PSN outage

Sony’s Playstation Network is still suffering an outage even after more than 48 hours since it began. According to Sony’s blog, the interruption in service may last into the long weekend – for at least another “full day or two”.  Sony released a statement through its EU blog, saying that the network outage may be a result of “targeted behaviour by an outside party”, brining in the possibility of cyberattacks. Adding to the confusion is the fact that the message has since been removed. The hacktivist group Anonymous has been suspected for the attacks since the group openly warned Sony against attacks last week. However, tired of the allegations against it, the Anonymous has finally officially denied any involvement.

In the official statement, Anonymous today said, “While it could be the case that other Anons have acted by themselves, AnonOps was not related to this incident and takes no responsibility for it. A more likely explanation is that Sony is taking advantage of Anonymous’ previous ill-will towards the company to distract users from the fact the outage is accutally an internal problem with the companies servers.”

The PSN users are highly annoyed with this incident as they cannot play their favorite PS3 games online on this long weekend. There couldn’t have been a worse time for an outage of this proportion.