A serious vulnerability in the PlayStation Network service
A critical vulnerability (SQL-injection) revealed in PlayStation Network. The flaw allows an attacker to gain access to Sony’s customer data.
Experts in the field of cyber security have warned that in the Sony PlayStation Network was discovered a serious vulnerability. As reported at Golem.de, service from Sony is vulnerable to SQL-injection, which allows an attacker to gain data from PSN users.
The error was detected by the expert Aria Akhavan. A hacker can visit the Sony’s support site and using a modified parameter in the URL of the resource, view the contents of a database in a browser window. The expert reported the results of their work in Sony, but never received a response.
PlayStation Network security constantly raises users’ concerns. So, in 2011, the service was hacked, resulting in 77 million users accounts to have been stolen, and the PSN servers were unavailable for 24 days. The incident led to several major investigations and of lawsuits in several countries. Fortunately, the stolen information is no longer pops up in the network. It is also worth noting the recent hacking of PSN, which occurred in August.
While some users have become accustomed to hacking of PSN and periodic outages of service, the iCloud celebrity photo leaks, shows once again how dangerous any hacking can be. The gaming community have not yet experienced the this situation, but the threat level remains high. The damage that can be done to online-games, will be incalculable.
Video below: As New PSN Hack Leaks Personal Info
Vulnerability: A critical SQL injection in Sony PlayStation Network service
Danger level: Critical
Availability of fixes: No
Number of vulnerabilities: 1
Vector of operation: Remote
Impact: SQL injection, Disclosure of sensitive data, Security Bypass
Affected products: PlayStation Network
Description:
A critical SQL injection vulnerability found on Sony PlayStation Website. This critical vulnerability allows access to user data on Playstation Networks.
References: http://www.golem.de/news/sql-injection-…-1410-110199.html
Note: users begin to report of console crashes and glitches following the “Masamune 2.0” system update.
I figured they had already learned their lesson about SQL Injection vulnerabilities a few years ago.