Sony Music Japan hacked through SQL injection flaw

Chester Wisniewski writes:

Another day, another attack on Sony. I reported yesterday on the SQL injection attack exposing user information on SonyMusic.gr and today attackers have found flaws in SonyMusic.co.jp.

The Hacker News sent us a tip this evening documenting a couple of vulnerable web pages on SonyMusic.co.jp that allowed hackers to access their contents through SQL injection.

The good news? The database information that was published does not contain names, passwords or other personally identifiable information. The attackers noted that there are two other databases on the site that are vulnerable and it remains unclear whether they contain sensitive information.

Read more on Naked Security.

About the author: Dissent