14 DAY TRIAL // Sony Pictures' Russian website has been compromised by hackers who obtained access to the underlying database and published its structure online.
The attack is the latest in a series of security breaches involving Sony subsidiaries and their web properties that escalated during the past month.
Hardly a day goes by without a new Sony-related hack or leak being announced. This is bad news not just for the electronics giant whose shares are at their lowest point in two years, but also for consumers whose personal data is being exposed.
Quoting from a popular Internet meme, the Russian Sony Pictures hackers wrote "in Soviet Russia, SQL injects you..." in their public announcement on pastebin.com.
This suggests that the method of compromise was SQL injection, an attack exploiting one of the most common types of web vulnerabilities.
SQL injection flaws stem from a failure to properly validate input and can give attackers access to a website's database.
In this case, the hackers published the structure of the database which appears to contain information about accounts registered on the content management solution (CMS) used by Sony Pictures, as well as the site's forum.
LulzSec, the hacking outfit that recently made news headlines with attacks against Sony, PBS, Fox and InfraGard, didn't take responsibility for finding the vulnerability, although they were the source of the leak.
"We didn't directly find the Russia SQLi (that's why it's not on our release page) but we did publicize it by posting DBs," they write on Twitter.
It's not entirely clear when and if the attacks on Sony will slow down, but for the moment they are part of a game in which hackers try to best each other. LulzSec claim they are responsible for four of the fifteen Sony-related compromises so far and challenge others to do better.