Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - SonyPictures Site Compromised InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

SonyPictures Site Compromised

Published: 2011-06-03
Last Updated: 2011-06-03 19:51:37 UTC
by Guy Bruneau (Version: 1)
13 comment(s)

We have written diaries on Sony’s security woes over the past few months, first one was a DDoS against its infrastructure [1] followed by the hacking of the Sony PlayStation network that took their network offline for several weeks, affecting all its PlayStation customers [2]. This week, SonyPictures was compromised by a group of individuals calling themselves LulzSec who took over 1,000,000 unencrypted plaintext customer password. Last week, another attack took place, this time against Sony Music Entertainment Greece website [3] who took usernames, passwords, email addresses and phone numbers.

One question comes to mind. With all of this data lost, if a PCI compliant corporation can be this easily targeted and compromised, is PCI a good standard to measure security posture?

[1] http://isc.sans.org/diary.html?storyid=10654
[2] http://isc.sans.org/diary.html?storyid=10768
[3] http://mashable.com/2011/05/24/sony-hacker-attack

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Keywords: Incidents
13 comment(s)
Diary Archives