Want CNET to notify you of price drops and the latest stories?

Report: Sony Music Japan, Sony Ericsson hacked

Sony Music Japan and Sony Ericsson's online store are latest victims of hackers, according to a report.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read

The onslaught against Sony apparently continues: this time hackers have targeted Sony Music Entertainment Japan and stolen information from thousands of accounts in a Canadian Sony Ericsson eShop site, a spokesperson confirmed today.

Meanwhile, e-mails, phone numbers, and passwords of more than 8,000 accounts at Sony Music Greece were stolen over the weekend, Sony confirmed.

"Sony Music Entertainment Greece learned late Sunday about a data breach involving certain Sony Music Greece Web sites" (which was reported yesterday), the statement said. "These sites, which were artist Web sites allowing fans to sign up for newsletters, were taken down immediately. Approximately 8,500 records containing e-mail addresses, telephone numbers, user names, and passwords were obtained; however, the sites did not offer any commerce activity and therefore no credit card data was involved. The affected sites were hosted by a third party and were not part of the Sony Music Entertainment network. Sony Music Entertainment Greece plans to re-launch the sites as soon as possible after further security review."

It's unknown who is behind that attack, which is one of a series targeting Sony sites in the wake of breach last month at Sony PlayStation Network (PSN) and Sony Online Entertainment (SOE) that exposed user data from more than 100 million accounts.

In the latest news, a Lebanese hacker known as "Idahc" used an SQL injection attack to steal data from a Sony Ericsson eShop Web site, according to The Hacker News, which said "E-mail, password, and names of thousands of users were exposed via text file on Pastebin." The link to the Sony Ericsson eShop site, its official online store, was down with a message that said "D'oh! The page you are looking for has gone walkabout. Sorry." Meanwhile, there was no data on the Pastebin link provided by the report.

A Sony Ericsson Mobile spokesperson said in a statement to CNET that records for about 2,000 customers, including names and e-mail addresses and a hashed version of their passwords, were compromised in the Canadian version of the Sony Ericsson eShop site. "Sony Ericsson has disabled this e-commerce website," sthe statement said "We can confirm that this is a standalone website and it is not connected to Sony Ericsson servers."

And in yet another attack, a hacker group called "LulzSec" said it used an SQL Injection attack to grab information behind two sites associated with Sony Music Entertainment Japan, according to a report on The Hacker News.

"This isn't a 1337 h4x0r, (elite hack) we just want to embarrass Sony some more," the group wrote on its Pastebin post. "Stupid Sony, so very stupid."

LulzSec announced the hack in a Tweet, which was picked up by The Hacker News. Of the two Sony sites listed by LulzSec, one was inaccessible midday today and the other was up.

A Sony spokeswoman said the company was looking into the Sony Music Entertainment Japan situation.

In addition to a distributed denial-of-service attack the group Anonymous launched on Sony in early April and the unconfirmed Sony Music Japan and Sony Ericsson hacks, there have been attacks on PSN, SOE, Sony Music Greece, Sony Music Indonesia, Sony's Japanese ISP subsidiary So-net Entertainment, and Sony Thailand's site.

Sony also had to take PSN down last week after finally restoring the service following the breach because of a log-in exploit. And Sony took PSN offline again today for maintenance work that the company says is not related to a security issue.

Updated 3:53 p.m. PT with Sony Ericsson confirmation that customer records were accessed.