wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database

View all threads

WHID 2011-87: PSN Admin Dev Accounts Got Hacked

WW
WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 3:20 PM

*Entry Title: *WHID 2011-87: PSN Admin Dev Accounts Got Hacked
*WHID ID: *2011-87
*Date Occurred: *April 24, 2011
*Attack Method: *Brute Force
*Application Weakness: *Insufficient Anti-automation
*Outcome: *Account Takeover
*Attacked Entity Field: *Entertainment
*Attacked Entity Geography: *
*Incident Description: *Sony’s PlayStation Network has been down since
Wednesday and stayed kaput throughout the weekend. Sony has admitted that
the outage was due to their network being hacked but has not given any
further details. But now, a source closely connected with Sony Computer
Entertainment Europe (SCEE) reports that the attack is much deeper than
admitted by Sony. The source claims that the PSN sustained a LOIC attack
(which created a denial-of-service attack) that damaged the server. Plus, it
received concentrated attacks on the servers holding account information and
breached the Admin Dev accounts.
*Mass Attack: *No
*Reference: *
http://www.slashgear.com/psn-admin-dev-accounts-got-hacked-source-claims-service-to-return-by-tuesday-24148081/
*Attack Source Geography: *

*Entry Title: *WHID 2011-87: PSN Admin Dev Accounts Got Hacked *WHID ID: *2011-87 *Date Occurred: *April 24, 2011 *Attack Method: *Brute Force *Application Weakness: *Insufficient Anti-automation *Outcome: *Account Takeover *Attacked Entity Field: *Entertainment *Attacked Entity Geography: * *Incident Description: *Sony’s PlayStation Network has been down since Wednesday and stayed kaput throughout the weekend. Sony has admitted that the outage was due to their network being hacked but has not given any further details. But now, a source closely connected with Sony Computer Entertainment Europe (SCEE) reports that the attack is much deeper than admitted by Sony. The source claims that the PSN sustained a LOIC attack (which created a denial-of-service attack) that damaged the server. Plus, it received concentrated attacks on the servers holding account information and breached the Admin Dev accounts. *Mass Attack: *No *Reference: * http://www.slashgear.com/psn-admin-dev-accounts-got-hacked-source-claims-service-to-return-by-tuesday-24148081/ *Attack Source Geography: *