Sony site used for phishing

Sony has been hacked, and one of its servers used to host a phishing site, according to Finnish company F-Secure.

The hack, which is not connected to Sony's problems with its PlayStation Network, has placed a phishing webpage on the Sony Thailand site, F-Secure chief research officer Mikko Hypponen told ZDNet UK on Friday.

"The phishers are looking for credit card details and logins," said Hypponen.

Two phishing pages mimicked a site for the Italian CartaSi credit card. The first page asked for username and password, while the second page asked for "additional verification" for credit card number, expiry date, and security code. Users were then redirected to an official CartaSi site.

Hypponen said that the timing of the hack was unfortunate for Sony, given that its PlayStation Network and Qriocity services were coming back online after a major cyberattack that compromised the details of millions of people.

"Right now it looks especially bad," said Hypponen. "It's just bad luck and bad timing."

The security researcher came across the Sony website compromise while looking for phishing scams connected with PSN. The page was most likely to have been compromised via SQL injection or a PHP vulnerability, and is no longer active, Hypponen added.

F-Secure notified Sony, the company said in a blog post on Friday.