The Sony-owned “So-net” internet service provider has confirmed that its customer rewards website was recently breached, with the person or people responsible making off with “customers’ redeemable gift points worth about $1,225,” as first reported by the Wall Street Journal.
This event comes hot on the heels of Sony’s infamous PlayStation Network (PSN) hack that’s been grabbing headlines since April. As for whether this latest hack is related, So-net’s Keisuke Watabe said, “Although we can’t completely rule out the possibility that there is a connection with the PSN issue, the likelihood is low.”
How so? Apparently the way the hacker attempted to access So-net’s rewards site didn’t jibe with how the PSN hackers infiltrated Sony’s gaming network.
So-net sent a warning to its members yesterday saying that someone had tried to log in to the rewards site 10,000 times from the same IP address, and that the company thought the hacker might have had members’ usernames but no passwords. Therefore, he or she repeatedly tried automatically generated passwords until they worked.
When the dust settled, rewards points from 128 accounts with a total worth of just over $1,200 were redeemed. The Journal says that 73 additional accounts were accessed but had no points taken, and 90 So-net e-mail accounts were compromised as well. So-net claims that “there is no evidence that any personal data such as names, addresses, birth dates or phone numbers were viewed,” reports the Journal.
As any security expert will tell you, this could have easily been avoided. Have you ever been locked out of your banking website (or any other website) after you forgot your password? After a certain number of failed login attempts, most sites will block your IP address for a while. A site being accessed 10,000 times from the same IP address should have set off major alarms.
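The lockout behaviour described above, sketched as an added example (not code from the article or from So-net): a per-IP sliding-window throttle replayed against 10,000 constructed failed logins from a single address. The thresholds, the class and function names, and the documentation-range IP address are assumptions, and the outcome of password verification is passed in as a flag to keep the demo self-contained.

```python
from collections import defaultdict, deque

# Assumed policy (not from the article): 5 failures from one IP within 300 s
# blocks that IP for 900 s; 100 rejected attempts in total raise one alert.
MAX_FAILS, WINDOW, BLOCK_FOR, ALERT_AT = 5, 300, 900, 100

class IpLoginThrottle:
    def __init__(self):
        self.recent = defaultdict(deque)  # ip -> times of failures in the window
        self.rejected = defaultdict(int)  # ip -> failed + blocked attempts so far
        self.blocked_until = {}           # ip -> time at which the block expires
        self.alerts = []                  # ips that reached ALERT_AT

    def _reject(self, ip):
        self.rejected[ip] += 1
        if self.rejected[ip] == ALERT_AT:
            self.alerts.append(ip)

    def attempt(self, ip, password_ok, now):
        """Return 'blocked', 'ok' or 'fail' for one login attempt at time now."""
        if self.blocked_until.get(ip, 0) > now:
            self._reject(ip)              # refused before any password check
            return "blocked"
        if password_ok:
            return "ok"
        self._reject(ip)
        q = self.recent[ip]
        q.append(now)
        while q[0] <= now - WINDOW:       # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILS:           # counted per IP, across all usernames
            self.blocked_until[ip] = now + BLOCK_FOR
            q.clear()
        return "fail"

def replay(n=10_000, ip="203.0.113.7"):
    """Constructed traffic: n wrong guesses, one per second, from one address."""
    t = IpLoginThrottle()
    results = [t.attempt(ip, False, now) for now in range(n)]
    return results.count("fail"), results.count("blocked"), t.alerts

if __name__ == "__main__":
    checked, refused, alerts = replay()
    print(f"password checks: {checked}, refused: {refused}, alerts: {alerts}")
```

Because the counter is keyed on the source address rather than the account, it still trips when the guesses are spread across many usernames, which a per-account lockout alone would not catch.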
It’s becoming increasingly clear that Sony may have a company-wide security problem on its hands. It took Sony an eternity to get the PlayStation Network back up and running, but it didn’t take long before people noticed a vulnerability in the PSN’s login system. Sony’s response was to point out that the security hole was simply a vulnerability, not an actual hack.
Potato, po-tah-toh. The fact that it was even vulnerable is bad. Same goes for So-net saying that the latest attacks are probably unrelated to the PSN attacks. The point is that Sony’s being attacked and, more importantly, that its systems are vulnerable.
Earlier this morning, internet security company F-Secure noted that a phishing site “targeting an Italian credit card company” was found on one of Sony’s servers in Thailand. “Basically this means that Sony has been hacked, again,” says F-Secure’s post, which continues, “Although in this case the server is probably not very important.”
Maybe not, but it’s important that Sony intrusions keep popping up in the news. It’d be interesting to know whether Sony’s simply a focused target of attacks as a result of all the recent publicity, or whether its various systems are actually more poorly protected than they should be. I’m guessing it’s probably a little from Column A and a little from Column B.