Tuesday, June 7, 2011

Sony BMG Greece the latest hacked Sony site

The Greek Sony BMG site was reported hacked yesterday, with a partial dump
of more than 8,300 users' full names, email addresses and (again partial)
telephone numbers appearing on pastebin. Since not all of these fields were
mandatory at registration, the impact of the breach is somewhat limited, but
looking through the pastebin dump there are indeed accounts with every
detail filled in.

Media coverage:

http://nakedsecurity.sophos.com/2011/05/22/sony-bmg-greece-the-latest-hacked-sony-site/


In what seems to be a neverending nightmare it appears that the website
of Sony BMG in Greece has been hacked and information dumped.
An anonymous poster has uploaded a user database to pastebin.com,
including the usernames, real names and email addresses of users
registered on SonyMusic.gr.
The data posted appears to be incomplete as it claims to include
passwords, telephone numbers and other data that is either missing or bogus.

[..]

It appears someone used an automated SQL Injection tool to find this
flaw. It's not something that requires a particularly skillful attacker,
but simply the diligence to comb through Sony website after website
until a security flaw is found.

While it's cruel to kick someone while they're down, when this is over,
Sony may end up being one of the most secure web assets on the net.

If you are a user of SonyMusic.gr, it is highly recommended that you reset
your password. Expect that any information you entered when creating your
account may be in the hands of someone with malicious intent, and keep a
close eye out for phishing attacks.

The lesson I take away from this is similar to other stories we have
published on data breaches. It would cost far less to perform thorough
penetration tests than to suffer the loss of trust, fines, disclosure
costs and loss of reputation these incidents have resulted in.

Want to learn more about securing your web servers and databases? [...]

Update: The editors of The Hacker News have contacted Naked Security and
indicated they were the source of the post to pastebin.com. The original
hackers had contacted them with the dump.
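To make the mechanism the Sophos piece alludes to concrete, here is an added example (not code from SonyMusic.gr, from Sophos, or from anyone involved in the breach) of the kind of flaw an automated injection tool finds: a profile lookup that builds its SQL by string concatenation, beside the parameterized version that closes the hole. The table layout, the sample rows and the two payloads are constructed for this illustration; the columns mirror the fields the post says were dumped (username, real name, email, phone).

```python
import sqlite3

# Hypothetical schema and constructed sample rows; not the real SonyMusic.gr data.
SAMPLE_USERS = [
    ("alice", "Alice Test", "alice@example.gr", "+30 210 0000001"),
    ("bob", "Bob Test", "bob@example.gr", None),   # phone was optional and left blank
    ("carol", "Carol Test", "carol@example.gr", "+30 210 0000003"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        " id INTEGER PRIMARY KEY, username TEXT, real_name TEXT, email TEXT, phone TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, real_name, email, phone) VALUES (?, ?, ?, ?)",
        SAMPLE_USERS,
    )
    return conn


def lookup_vulnerable(conn, username):
    """Profile lookup as an injectable site might write it: the user-supplied
    value is concatenated into the SQL text, so a quote in the input closes the
    string literal and whatever follows is executed as SQL."""
    sql = ("SELECT username, real_name, email, phone FROM users "
           "WHERE username = '" + username + "'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """The same query with a bound parameter: the driver passes the value
    separately from the statement text, so it can never alter the query."""
    sql = ("SELECT username, real_name, email, phone FROM users "
           "WHERE username = ?")
    return conn.execute(sql, (username,)).fetchall()


# Two payloads of the kind an automated tool tries (constructed for this example).
# 1. A tautology that turns "one user" into "every user": the bulk dump.
DUMP_ALL_PAYLOAD = "' OR '1'='1"
# 2. A UNION that reads SQLite's schema catalogue, which is how a tool learns
#    which tables and columns exist before dumping them. The trailing "--"
#    comments out the closing quote the application appends.
SCHEMA_PAYLOAD = "x' UNION SELECT name, sql, '', '' FROM sqlite_master --"


def demo():
    """Run both payloads against both lookups and return the three results."""
    conn = make_db()
    dumped = lookup_vulnerable(conn, DUMP_ALL_PAYLOAD)   # every row leaks
    schema = lookup_vulnerable(conn, SCHEMA_PAYLOAD)     # CREATE TABLE text leaks
    blocked = lookup_safe(conn, DUMP_ALL_PAYLOAD)        # payload is just an unknown username
    return dumped, schema, blocked


if __name__ == "__main__":
    dumped, schema, blocked = demo()
    print(f"vulnerable query returned {len(dumped)} rows for the tautology payload")
    print("schema leaked through UNION:", schema[0][1])
    print(f"parameterized query returned {len(blocked)} rows for the same input")
```

The point of the second payload is that the tool never needs to know the schema in advance: once a single string parameter is injectable, the catalogue table (sqlite_master here; information_schema or similar elsewhere) tells it what to dump next. Parameterizing the query defeats both payloads without any input filtering.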
