Hackers Re-Target Sony: 93,000 PSN, Sony Entertainment Accounts Put at Risk
Adding to the company’s list of hacking woes, Sony has confirmed that an as-yet unknown third-part attempted to illegally access nearly 93,000 Sony Entertainment Network, PlayStation Network and Sony Online Entertainment accounts. Sony Corp.

With Sony only just having gotten its PSN service fully functioning today, analysts and consumers alike have voiced concern over whether the services are truly secure, citing the ongoing barrage of security breaches inflicted by the hacker group LulzSec as proof that they are not.

The PSN outage

The initial PSN outage began after a group of hackers targeted Sony's networks compromising the personal data and billing information of as many as 100 million Sony customers.

The company's PlayStation Network was shutdown after the company detected the attack. The network was only partially restored mid-way through May 2011 with certain key services like the PlayStation Store and Qriocity music service remaining down until earlier this month.

Free gifts

Sony's restoration of the PSN was at best what could be described a phased one. The extended nature of the outage and questions surrounding its online security caused a huge backlash from the general public against it.

To try and counteract this the company offered several free gifts to its customers. These included two free game downloads for both its PSP and PlayStation 3 consoles, a free 12 month membership to an online security services and a free period of membership to its PlayStation Plus upgraded account model.

LulzSec's attack

Since the announcement of its free gifts "Welcome Back" package and restoration of the network, Sony's problems with online security have continued.

The hacker group LulzSec has since mounted its own ongoing campaign against Sony. The group on numerous occasions has listed its reason and motivation for the attacks as to demonstrate the inherent continuing weaknesses in Sony's network security.

In its first attack on sonypictures.com the group issued a statement reading:

"Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now.

"From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?"
The post continued, "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

In its subsequent statement regarding its hack on Sony's BMG, the group reiterated this sentiment posting, "We've recently bought a copy of this great new game called 'Hackers vs Sony,' but we're unable to play it online due to [PlayStation Network] being obliterated.

"So we decided to play offline mode for a while and got quite a few trophies. Our latest goal is 'Hack Sony 5 Times,' so please find enclosed our 5th Sony hack.

"ACHIEVEMENT UNLOCKED: HACK SONY 6 TIMES! Oh damn, we just did it again, please also find enclosed internal network maps of Sony BMG".

Sony has only verified the authenticity -- albeit on a diminished scale -- of LulzSecs first attack on sonypictures.com.

Can you trust Sony with your credit card number?

In a statement published on its corporate website yesterday, Sony stated that unlike LulzSec's claims of taking 1,000,000 users details, only 37,500 of the website's users information was compromised. It also promised its customers that no credit or debit card information was lost.

Despite this both analysts and consumers alike have begun to question whether LulzSec hacks do indeed provide adequate reason to not hand over credit information to Sony.

Although the group is yet to manage to hack into the newly re-secured PlayStation Network, or secure any of the Sony customers billing information, many customers have already removed their card details from their accounts, indicating an ongoing lack of faith in the company.

Whether this lack of trust will create problems for Sony's forthcoming PlayStation Vita console -- which primary selling point is its 3G internet access -- remains to be seen.

Sony