Sony Ericsson’s Canada Suffered Data Breach

By Author: Apple Tan
Total Articles: 68
Comment this article

Sony Ericsson’s Canadian Online Store has now fallen foul to hackers, who have been able to extract details of 2,000 eShop customers from Sony’s Canadian online store. Sony Ericsson is a mobile phone maker that is a joint venture between L.M. Ericsson of Sweden and Sony.
"Sony Ericsson’s website in Canada, which advertises its products, has been hacked, affecting 2,000 people," Sony Corp. Spokesman, Atsuo Omagari told AFP. "Their personal information was posted on a website called 'The Hacker News'. The information includes registered names, email addresses and encrypted passwords. But it does not include credit card information."
The link to the Sony Ericsson eShop site featured a message that said "D’oh! The page you are looking for has gone walkabout. Sorry." However, Sony has explained that the store was externally hosted by third parties and was not connected to its main network of sites, and the eShop is currently offline as Sony tries to stem the tide of hacks across its worldwide network.
Visitors to ca.eshop.sonyericsson.com, which sells Sony Ericsson cell phones and accessories, ...
... were informed that the site was down.  Others were diverted to the company’s U.K.-based e-commerce site to make purchases instead. An investigation was under way, and other details were not immediately available.
This is just the latest in a string of highly focused attacks that have targeted virtually every segment of Sony's business. It started when hackers infiltrated the company's Playstation Network servers, accessing data from tens of millions of PS3 and PSP owners and causing Sony to shut down the service for nearly a month. Some Playstation services still remain offline following the April attack.
In early May, Sony online properties in both Japan and Greece were attacked as well, and now news emerges that its site based in Thailand also has been shut down after it experienced unauthorized intrusions, and the presence of malicious code that could spam user email accounts was found.
The apparent culprit of the hack is a self-described “Lebanese grey-hat hacker” named ‘Idahc’. Unlike the other attacks, Idahc was able to compromise both Sony Canada’s online store and customer database, though both he and Sony claim that credit card information was not touched.
He did, however, post nearly 1,000 of the records he accessed online and a file containing some of that data was put on The Hacker News, a site that tracks cyber attacks. Included with the file was a message from Idahc himself: “I hacked the database of ca.eshop.sonyericsson.com with a simple sql injection (LOL).  Hackers vs. Sony.  We are the winners."
Sony has now officially become the testing ground for hackers, where they get their claim to fame exploiting various security holes at Sony Corporation.  Meanwhile, Sony keeps trying to figure out how many security loopholes exist in their systems.
"This is an ongoing problem, and the size of the damage is still unclear," Ryosuke Katsura, senior analyst at Mizuho Securities, told AFP. Sony CEO Howard Stringer has apologized in a letter to customers and said the company is "working with the FBI and other law enforcement agencies around the world to apprehend those responsible".
The number of cyber attacks is only going to increase if organizations and companies fail to pay attention on the vulnerabilities of their network security. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the cyber security workforce. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.

About EC-Council

The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).