NEW YORK (Reuters) - Sony Corp has been hacked again, exposing more security issues for the company less than a month after intruders stole personal information from more than 100 million online user accounts.
A hacked page on a Sony website in Thailand directed users to a fake site posing as an Italian credit card company. The site was designed to steal information from customers, Internet security firm F-Secure disclosed on Friday.
It is the latest in a series of security headaches for Sony, which discovered in April hackers had broken into its PlayStation Network and stole data from more than 77 million accounts. On May 2, Sony disclosed hackers had also stolen data from about 25 million user accounts of the Sony Online Entertainment website, a PC-based games service.
The PlayStation attack, considered the biggest in Internet history, prompted the Japanese electronics giant to shut down its PlayStation Network and other services for close to a month.
“It’s a Sony security issue,” said Jennifer Kutz, a representative for F-Secure, referring to the fraudulent website.
The latest hacking, which the security company said occurred separately from the April attack, was reported just hours after Sony told customers of another breach on one of its units.
So-Net, the Internet service provider unit of Sony, alerted customers on Thursday that an intruder had broken into its system and stolen virtual points worth $1,225 from account holders.
Critics have slammed the company for not protecting its networks securely and then waiting up to a week before telling its customers of the attack and the possible theft of credit card information, prompting lawmakers and state attorneys general to launch investigations.
Security experts said they were not surprised that the electronics company has not yet fixed weaknesses in its massive global network. Earlier this week, Sony shut down one of its websites set up to help millions of users change their passwords after finding a security flaw.
“Sony is going through a pretty rigorous process and finding the holes to fill,” said Josh Shaul, chief technology officer for computer security firm Application Security Inc.
“The hackers are going through the same process and they’re putting their fingers in the holes faster than Sony can fill them.”
“What we’ve done is stopped the So-Net points exchanges and told customers to change their passwords,” So-Net said in a statement in Japanese to consumers.
About 100,000 yen ($1,225) was stolen from accounts that were attacked. The company said there was no evidence other accounts in the online system had been compromised.
“At this point in our investigations, we have not confirmed any data leakage. We have not found any sign of a possibility that a third party has obtained members’ names, address, birth dates and phone numbers.”
Security experts have told Reuters Sony’s networks around the world remain vulnerable to attack.
Sony’s string of security problems could be attracting more hackers to attack its networks.
“I think it’s now ‘I’m a hacker and I’m bored, let’s go after Sony,’” Shaul said.
A Sony representative in the United States could not immediately be reached for comment on Friday.
Additional reporting by Ritsuko Ando in Helsinki; editing by Andre Grenon and Matthew Lewis