Sony hasn’t been having a great year as far as security is concerned. After a hack last month and quite a few ever since, it was just two days ago that another exploit was found, bringing all online services down once again. In an already bad week for Sony, F-Secure is now reporting that an actual scam site is hosted on Sony’s Thai domain, sony.co.th.
The scam site, which can be accessed by typing hdworld.sony.co.th into your address bar (please proceed with caution), seems to target customers of an Italian bank, not Sony users themselves. Still, a vulnerability like this is serious, at best, especially since as of the time of this writing, it’s still running on the servers. As Mikko Hypponen, chief research officer at F-Secure put it:
We know you’re not supposed to kick somebody when they’re already down… but we just found a live phishing site running on one of Sony’s servers.
Earlier this week, Sony’s CEO tried to excuse himself, claiming that it was hard for the company to handle so many attacks in such volume. Yet, it’s doubtful customers will feel safe knowing there’s a phishing site hosted where their credit card numbers are stored as well.
Of course there’s also the understandable theory that Sony simply hasn’t held security to such a high regard and it’s only now being forced to do it for the first time. This brings up the issue of whether having so much data stored ‘in the cloud’ is as safe as it looks. Big businesses have always been targeted by attacks, but now individuals are suffering the consequences of occurrences they can’t control. Imagine what would happen if GMail went down and sensitive corporate information had been leaked. By then, a simple “apology” wouldn’t have been enough.
Cloud computing has many advantages, but it’s in times like this that we wonder whether the companies that are hosting our data can really be trusted. Should all companies that host sensitive information be required to be certified by a government entity, much like doctors need to be certified? Maybe the Internet needs some rules of the road after all, so that there’s a way to hold companies accountable when sensitive information leaks out.
In Sony’s defense, the company has promised over the last few weeks to close exploits and ensure all its properties remain usable and secure. Only time will tell how fruitful those efforts will be.