Sony has been hacked once again, although this time is not as serious. Security firm F-Secure has discovered that a Web server belonging to Sony is hosting a phishing site that targets customers of the Italian credit card company Carta Si. The good news is that this time, the PlayStation Network is unaffected!
Sony Thailand has the domain sony.co.th, and this attack is hosted on hdworld.sony.co.th. F-Secure has notified Sony about the issue.
Phishing attack sites work by tricking people into entering their login credentials and other sensitive data into a fake website, which looks as if it is legitimate. Users and their browsers should always check the URL of the page they are on before handing in such information to a webpage.
In this case, the malicious site is hosted on Sony's servers, which means that if a browser checks the domain, it will look valid. Thankfully, browsers eventually catch up on these hijacks (some browsers are already warning users if they navigate to this Sony domain). Still, users should always check the URL, just in case. It's not clear what other phishing attacks the server in question could be hosting, but Sony will likely take them all down as soon as possible.
At the beginning of April, Anonymous executed a distributed denial of service (DDoS) attack against the Sony PlayStation website. Later last month, the PlayStation Network was hacked. Earlier this month, Sony was announced that 24.6 million Sony Online Entertainment accounts were compromised. Earlier this week, Sony PlayStation Network logins were exploited again.