This year has been terrible for Sony. With one break-in and a detected exploit last week, following many more over the last month, we’d expect nothing to get worse, but it did: another Sony service got broken into, this time Sony Music Japan, the company’s Japanese music label.
The group, which calls itself "Lulz Security", left a message saying their intention was to simply "embarrass Sony some more", and I bet they managed to. This is the same crew that hacked Fox.com earlier this month and published hundreds of usernames and passwords that belonged to employees.
Sony was in the news last month when PlayStation Network was hacked and sensitive information, including usernames, passwords and credit card details were leaked. The services were brought down, only to be hacked again shortly after.
Last week, Sony’s Thailand website, sony.co.th, was used to store a live phishing website targeting customers of an Italian bank. That came after an exploit was found on some of Sony’s web properties that same week and brought them down until the vulnerability was fixed.
Thankfully, this hack didn’t reveal any sensitive information. Still, it does reveal the poor state of Sony’s online infrastructure, at least as far as security is concerned. Since Sony is such a huge company, it’s often hard to maintain consistency over all properties, but one thing is clearly consistent: a poor security infrastructure, at least in the public’s eye.
Thankfully, unlike what happened with the PlayStation hacks, a music label site isn’t as core to everyday people’s lifestyle as a gaming service, and there was most likely less information stored to begin with, even if any of it had been leaked.
The company has come out multiple times to defend itself, calling this situation unpredictable and unprecedented. The company also tried to apologize to its customers by giving away free downloads and Sony Network Subscriptions.
In Sony’s defense, there might be an organized effort to destroy Sony’s reputation since the original attack took place. That’s the narrative Sony executives are trying to have the public follow, and in some ways it’s plausible. Other websites might have the same or worse exploits, maybe they’re just not being targeted right now. Either way, in 2011, we deserve better from huge web services companies like Sony.
One thing we can say for sure is that Sony will have quite a hard time cleaning up this PR mess, on top of the $171 million it has already lost . Hopefully the attacks will end now.