Submission + - Sony BMG Greece Hit By Hacker (computerworld.com)
The stolen data was passed on to Hacker News, which posted a copy of it on PasteBin.com, Sophos said. Chester Wisniewski, senior security adviser at Sophos, today said that the intrusion was made possible by a SQL injection flaw that allowed the intruders to inject malicious code into the Greek Sony BMG site.
According to Wisniewski, the attacker appears to have used an automated SQL injection tool that searched for vulnerabilities in the site. "This looks like it was an old-school hacking," Wisniewski said. "It surprised me that Sony missed this one, considering how easy it was to find. This was not sophisticated at all.""