Sony site used for phishing

Summary:Sony has been hacked, and one of its servers used to host a phishing site, according to Finnish company F-Secure.The hack, which is not connected to Sony's problems with its PlayStation Network, has placed a phishing webpage on the Sony Thailand site, F-Secure chief research officer Mikko Hypponen told ZDNet UK on Friday.

Sony has been hacked, and one of its servers used to host a phishing site, according to Finnish company F-Secure.

The hack, which is not connected to Sony's problems with its PlayStation Network, has placed a phishing webpage on the Sony Thailand site, F-Secure chief research officer Mikko Hypponen told ZDNet UK on Friday.

"The phishers are looking for credit card details and logins," said Hypponen.

Two phishing pages mimicked a site for the Italian CartaSi credit card. The first page asked for username and password, while the second page asked for "additional verification" for credit card number, expiry date, and security code. Users were then redirected to an official CartaSi site.

Hypponen said that the timing of the hack was unfortunate for Sony, given that its PlayStation Network and Qriocity services were coming back online after a major cyberattack that compromised the details of millions of people.

"Right now it looks especially bad," said Hypponen. "It's just bad luck and bad timing."

The security researcher came across the Sony website compromise while looking for phishing scams connected with PSN. The page was most likely to have been compromised via SQL injection or a PHP vulnerability, and is no longer active, Hypponen added.

F-Secure notified Sony, the company said in a blog post on Friday.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.