There’s a Reason Why They Called it ‘Sownage’ Drew Wilson | July 6, 2011 May and June of 2011 may be two months Sony would rather forget. It’s pretty much next to impossible to really track just how many times the multinational company was hacked. Still, that doesn’t mean there are efforts out there to show just how much the company got hacked. Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes We’ve offered very detailed coverage of the hacking of Sony. One of our reports was simply titled, “Lulzsec Hacks Sony for 6th Time, Uploads Data to Pirate Bay”. That one article alone is just the tip of the iceberg with regards to the millions of user accounts that were compromised and the countless times a Sony website was defaced. Recently, datalossdb.org pointed to an interesting posting on attrition.org which offers a condensed history of the hacking activities of Sony. Scrolling down a little, you can see a table which shows some of the compromises that occurred between April 4th to June 28 of this year. In that time span alone, the table documents exactly 20 times Sony had been compromised. Even the table is just the tip of the iceberg if you were to look at the notes: “This table does not count any Denial of Service (DoS) attacks against Sony as an incident.” We do note that the entry before the 16th hack shows the confusion the media had over whether or not a high ranking member of LulzSec was arrested (our sources would indicate that it was a chatroom operative and barely even considered a member of LulzSec) To add insult to injury, the posting also offers “legacy” Sony hacks which were prior to the more recent incidences that date back as far as 1999. The legacy hacks appear to be little more than website defaces, but it does show the security problems one company has had over the years. The author notes the newly coined term “Sownage” which is the ownage of Sony. What I also like about this is that it shows just how difficult it was to keep track of the hacking on Sony. Even DatalossDB, a website devoted to specific kinds of compromised data, admits, “We thought keeping track of entities involved in the Epsilon breach was tough, but the recent spate of attacks on Sony networks has us working overtime trying to update the database.” I can fully attest to how keeping track of the Sony breaches and hacking was at least a part time commitment and I’m sure my colleague Jared Moya would agree that the Sony data breaches was certainly an eventful moment. We should point out, in all fairness, that Sony did at least attempt to do some damage control. For example, Sony did offer a welcome back package for the PSN outage to it’s PSN users which included free giveaways of services. In addition, they created a new employee position to watch over the security of Sony. For some users, this was enough, for others, the damage was already done as they bid farewell to being a Sony Playstation customer. For a number of people that have Sony as a part of their lives, life seems to be returning to normal. According to DatalossDB, the last Sony data breach occurred on June 19th, when Sony Pictures France had 177,000 accounts compromised. For Sony, I would imagine the hacking has wreaked absolute havoc on the PR front if anything else. I can also see that it would require a complete overhaul in security measures and policy – maybe even a whole new attitude toward security – between before these latest breaches occurred and now in order to prevent such a catastrophic occurrence from ever happening again. There’s little doubt that no company wants to go through what Sony did, but to ensure it never happens, other companies should take any necessary steps to stop something like this from ever happening in the first place. Drew Wilson on Twitter: @icecube85 and Google+.