Hacker Attacks Accounts At So-net Entertainment Corporation

By Author: Apple Tan
Total Articles: 68
Comment this article

A hacker accessed So-net’s customer prizes location earlier this week and stole customers’ exchangeable gift points worth around $1,225, according to an Internet service provider subsidiary of Sony Corporation, So-net Entertainment Corporation.
This is coming only days after Sony finally got the Playstation Network back online after a major attack that stole millions of users’ personal information.  That major attack by hackers cost Sony an estimated $1.5 billion.  
According to So-net, the company discovered the breach after receiving customer complaints on May 18. A subsequent investigation concluded that hackers were able to tap into approximately 128 different accounts across May 16 and May 17, stealing around 100,000 yen (or $1,225) worth of points from the account holders. An additional 73 accounts were also accessed, but their points left unredeemed, and around 90 So-net email accounts were compromised in the attack.
Following the attack, So-net has contacted all of its customers and requested them to change the passwords on their accounts. A warning letter was sent out to ...
... users that stated what the situation was and how they can be safer online with their personal information. Also, the company has suspended any point exchanges across its network until further notice.
Keisuke Watabe, a spokesman at So-net Entertainment, says that the company believes the attack is probably not related to its parent company's recent Playstation Network woes because the method of intrusion used was so different.
"Although we can't completely rule out the possibility that there is a connection with the PSN issue, the likelihood is low," So-net Entertainment spokesperson Keisuke Watabe said.
In the attack, So-Net said that a hacker attempted 10,000 times to access the provider’s “So-net” point service, which awards customers reward points that can be exchanged for Sony products and online currency, from a similar IP address.  They added that it believes the gatecrasher had usernames of account holders and after that might have utilized an automatic software program to produce passwords until it discovered the correct one. At this point, So-net is saying that it didn’t look like any names, addresses, phone numbers or birth dates were taken.
The explanation given by So-net may be satisfactory to some, but it begs even bigger questions.  There is no mention how the hacker received access to a list of usernames.  There was also no word given on why 10,000 breaching attempts went completely unnoticed by employees.  Apparently, that isn’t something that would raise red flags in the security department.  It would be assumed that Sony Corp and their subsidiaries would be on the ball after having their image so badly damaged recently, but as seen that is simply not the case.
We have to realize that we are a constant target for cyber criminals as the process of stealing has become something that can be done with the use of databases and computer programs. IT professionals, who working with corporations that deal with large consumer databases need to do their part to keep that personal information safe. One proven way to mitigate information security risks is through technical security training that will enhance the skills proficiency of the cyber security workforce. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
Additionally, the all-new EC-Council CAST Summit series is also created to make advanced information security training opportunities available for information security professionals across the globe. It will be the excellent platform for any IT security professionals to acquire cutting edge skills by embarking on the CAST workshops, or further enhance their IT security knowledge by attending the one-day seminar.
The 3 days CAST Summit workshop covering current and important security topics such as penetration testing, application security, cryptography, network defense and mobile forensics training, and allows for participants to actually learn, and not just listen or be rushed through a short presentation like how it’s like in many other events or conference. All of these IT security trainings will only conducted by appointed EC-Council Master Trainers, some of whom are authors of the respective trainings.

About EC-Council:
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce. It is the owner and developer of 20 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and Certified Security Analyst /Licensed Penetration Tester (ECSA/LPT). 
EC-Council’s Center for Advanced Security Training (CAST) was created to address the need for highly technical and advanced IT security trainings for information security professionals. CAST programs stand out from others thorough their extreme hands-on approach. CAST offer programs that cover important domains such as advanced penetration testing, malware analysis, advanced social engineering, cryptography, digital mobile forensics training, and web application security, among others information security training.
EC-Council has trained over 90,000 security professionals and certified more than 40,000 members. Its certification programs are offered by over 450 training centers across 84 countries. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. Department of Defense via DoD 8570.01-M, the Montgomery GI Bill, National Security Agency (NSA) and the Committee on National Security Systems (CNSS).