Sony Struggles with Online Security Shortcomings

by Christopher on May 22, 2011

In the wake of a Sony PlayStation Network security breach and frequent security-related network outages, Sony is again getting bad press due to inadequate online security measures. Recently, PlayStation Network users have faced significant downtime as Sony IT staff struggles to close network vulnerabilities. Now, a phishing website targeting customers of an Italian bank has been discovered on one of Sony’s Thai servers, at the hdworld.sony.co.th domain.

The internet security firm F-Secure brought the scam to light. The phishing site has already been taken offline, but F-Secure displays a screen capture of what they found at http://www.f-secure.com/weblog/archives/00002160.html.

Because the phishing site is unrelated to recent security problems on the PlayStation Network, it is particularly alarming in that it is evidence that Sony was hacked on another front, by someone else, in a separate incident. An employee of F-Secure points out that a third party may have hosted the illicit site. However, the site still ran on a domain owned by Sony, and ultimately, on the company’s server.

Sony PlayStation Network users should be on the lookout for spear phishing attempts delivered via email and other avenues of online communication. Spammers and cybercriminals will undoubtedly use personal information stolen during the breach to send spam from a seemingly trustworthy source addressing topics relevant to the recipients. People whose personal information was compromised are likely targets for spear phishing spam containing malicious code or links seeking to obtain more lucrative information, such as account passwords and credit card numbers.

It remains to be seen how these online security woes will affect Sony. Online forums and message boards show a loyal user base becoming increasingly impatient with the lack of network availability and disenchanted by the corporate responses to the recent problems. Sony will certainly find its security measures subjected to more scrutiny, by concerned parties and hackers alike, no doubt. Hopefully the company will act quickly to resolve any existing vulnerabilities and bolster their security safeguards, as further breaches are likely to send users jumping ship en masse.

Posted in: Phishing

Previous post:

Next post: