WARNING AND NOTICE

All tricks in this blog are only for educational purpose. Learn these tricks only for your knowledge. Please donot try these to harm any one. We will not take any responsibility in any case. All softwares and tools on this site are here for private purposes only and If you want to use a software for business purpose, please purchase it. I do not host many of these tools. I Post links that I have found from numerous Search engines. I will not be responsible for any of harm you will do by using these tools.

Readmore

Saturday, June 4, 2011

Sony Europe hacked by Lebanese Hacker: Dumped Database contains 120 usernames, passwords (plain text)

Sony Europe hacked by Lebanese Hacker: Dumped Database contains 120 usernames, passwords (plain text) 





 



By my count this is unlucky hack number 13 for Sony. A Lebanese hacker known as Idahc dumped another user database at Sony Europe containing approximately 120 usernames, passwords (plain text), mobile phone numbers, work emails and website addresses.

The attacker claims that he used standard SQL injection techniques to acquire the database. I think it is fair to say it appears that Sony has not learned anything from the previous 12 attacks.

SQL injection flaw? Check. Plain text passwords? Check. People's personally identifiable information totally unprotected? Check.


Idahc is the same attacker who targeted the Canadian Sony Ericsson site in May, 2011. In his note on pastebin he states: "I was Bored and I play the game of the year : 'hacker vs Sony'." He posted the link to pastebin with the simple note "Sony Hacked: pastebin.com/OMITTED lol."

If you are a database administrator (especially a Sony one) and want to avoid your sensitive data from ending up in the headlines I recommend you actually test your web applications for SQL vulnerabilities.