Sony's Greek BMG site is the latest to be hit by hackers

Personal information compromised as attackers continue to find security flaws

Sony's high-profile security problems continued over the weekend after news that the firm's Greece-based BMG music web site and ISP subsidiary So-Net were the latest services to be hacked.

User names, real names and addresses of up to 8000 Sonymusic.gr users were obtained by a hacker, 450 of which were uploaded to pastebin.com over the weekend.

Chester Wisniewski, a senior security advisor at Sophos Canada, advised users of SonyMusic.gr to reset their passwords and assume that any personal information entered on the site is now in the hands of someone with malicious intentions.

"It appeared someone used an automated SQL injection tool to find this flaw. It's not something that requires a particularly skillful attacker, but simply the diligence to comb through Sony web site after web site until a security flaw is found," he said on the Sophos Naked Security Blog.

"As long as it is popular within the hacker community to expose Sony's flaws, we are likely to continue seeing successful attacks against them."

However, Wisniewski noted that these attacks on Sony could actually help the firm to strengthen its security in the future.

"[When] this is over, Sony may end up being one of the most secure web assets on the net," he said.

Jay Heiser, research vice president at Gartner agreed that Sony appears to have been targeted by the hacker community, but added that the firm will learn some useful lessons from the experience.

"As many have recently pointed out, nothing can be 100 per cent secure - that's the reality of internet life. However, it is becoming increasingly likely that Sony has just not put an adequate level of attention into information protection," he told V3.co.uk.

"However, I don't take this as an indictment of cloud security. I do expect that there will be some broad and useful lessons that will be apparent after the dust has cleared from this series of Sony security stumbles."

Meanwhile, data from a Sony-owned Japanese ISP So-Net Entertainment has also been compromised, with a hacker redeeming gift points worth approximately $1,225, according to The Wall Street Journal.

Points from 128 customer accounts were said to have been redeemed without permission and, although a further 73 accounts were accessed, no points were used from these. Approximately, 90 email accounts on the So-Net network have also been compromised.

Sony admitted in April that its PlayStation Network had been breached and that the personal information of up to 100 million users may have been compromised.

The Japanese firm was forced to call in third-party security experts and requested the help of the FBI in an attempt to get to the bottom of the hack.

At the time of writing, the Sonymusic.gr web site was still down and So-Net's points redeeming service has been shut down. V3.co.uk contacted Sony, but the firm had not responded at the time of writing.

In more bad news, reports suggest that Sony is due to announce losses of $3bn to $4bn this Thursday.