The Next Web, reporting on a story published by Naked Security, has revealed that Sony Music Japan has been targeted by hackers. This time it is thought that no personal data or credit card details have been stolen, but again hackers have managed to use SQL-injection techniques to breach the site.
While no personal data has been stolen, the hackers did mock the site, leaving a note on it to let users know it had been compromised.
According to the report, Sony is said to have lost upwards of $170 million as a result of the hack on their PlayStation Network, and that doesn’t take into account any official fines or lawsuits they may eventually have to answer to.
But of even greater value than the money is Sony’s reputation, which seems to be taking the biggest battering.
If you’re running a website, no matter what the size, and particularly if it is a database-driven site, then, to avoid the same reputation issues that Sony is suffering now, we advise the following:
- Make sure the server itself is patched and running the most up-to-date versions of the software you are using to run your site
- Make sure your SQL/Database server is also patched and running the most secure versions of the software
- Use best practice for writing secure scripts, to make sure that you are less likely to suffer SQL-injection issues
- Sensitive user data should be encrypted, if possible, or not accessible (for reading) from the website
- If you must store user credit card data, make sure it is encrypted, but better yet, use a third-party payment processor, who must meet the PCI DSS standards for storage, processing and access to such data
- Test, test and test again any scripts you might use to access and retrieve information from your database
- If at all possible, hire a security specialist to try to break into your data
As always, it’s impossible for hackers to get at data you don’t store – so only store what is absolutely necessary, and store it securely.