A Sony server has been hacked to host a website for an alleged phishing scam targeting an Italian credit card company and its users, according to the web security firm F-Secure.

"We know you're not supposed to kick somebody when they're already down ... but we just found a live phishing site running on one of Sony's servers," F-Secure wrote in a blog post on the hack.

The security breach appears to be unrelated to the attacks that took down Sony's PlayStation Network and Qriocity music service, the San Jose-based security company said.

However, it is yet another example of how the Japanese tech giant is struggling with security.

The attacks on Sony's online services that affected PlayStation and Qriocity users resulted in exposure and possible theft of personal data for more than 90 million customers.

Sony Chief Executive Howard Stringer apologized for the attacks, which resulted in the PlayStation Network and Qriocity being shut down on April 20, with a partial return on May 14 -- though many parts of the PlayStation Network, such as the PlayStation Store, still aren't fully up and running as they were before.

The Web server used to host the phishing site is normally used to host Sony's Thai site, F-Secure said, adding that it believes that the hack only affected a server that has no access to Sony customer's personal information.

F-Secure said it has notified Sony of the attack, later blocking the URL for the phishing site. Sony officials were unavailable for comment on the matter on Friday morning.

RELATED:

Sony flips the switch back on for PlayStation Network

Sony CEO apologizes for PSN hacks, offers ID-theft insurance

Sony says hacker may have stolen information from more than 90 million user accounts

-- Nathan Olivarez-Giles

twitter.com/nateog

Image: A screenshot of an alleged phishing site placed on a Sony server by hackers. Credit: F-Secure

Sony Ericsson's Xperia Play smartphone, which was dubbed the PlayStation Phone in rumors ahead of its official unveiling, is set to hit Verizon Wireless on May 26.

Pre-orders for the device, which features a sliding screen that reveals touch-sensitive directional pads and buttons for playing video games on the phone, begin May 19, Sony said.

The phone, which will run on a modified version of Google's Android Gingerbread operating system, will sell for $199.99 with a two-year contract.

The Xperia Play is the first "PlayStation certified smartphone," and will allow owners to download games for the device through both Google's Android Marketplace and Verizon's V Cast app store.

Seven games will come pre-loaded on the phone in the U.S.: Madden NFL 11, Bruce Lee Dragon Warrior, Asphalt 6: Adrenaline, The Sims 3, Star Battalion, Crash Bandicoot and Tetris.

More than 50 other games will be available via V Cast when the phone launches, Sony said.

Past PlayStation games will soon go on sale in the Android Marketplace, in the form of Android apps, and Sony will use Android as the OS to power its next portable PlayStation gaming console, currently nicknamed the NGP.

Sony hasn't said whether it will have the NGP, Xperia Play or future PlayStation certified phones use the recently relaunched PlayStation Network to buy games and apps, as is used on the PlayStation 3 video game console. 

The Xperia Play handset also features a 1GHz Qualcomm Snapdragon processor, a 4-inch touch screen, a 5-megapixel rear-facing camera and a VGA camera on the front for video chatting. The phone will also be able to connect to the Internet via 3G or Wi-Fi signals.

Below is a video from Sony Ericsson of the Bruce Lee Dragon Warrior game being demonstrated on the phone at the Mobile World Congress in Barcelona in February.

RELATED:

Sony flips the switch back on for PlayStation Network

Sony introduces two Android tablets: wedge-like S1 and dual-screen S2

Sony doubles down on portable gaming, introduces NGP and games for Android

-- Nathan Olivarez-Giles

twitter.com/nateog

Image: Sony Ericsson Xperia Play smartphone. Credit: Sony Ericsson

Sony on Saturday said it has started to gradually bring back its online PlayStation Network, beginning with California and some states in the Northeast.

Sony pulled the plug on its online game and entertainment network, which services tens of millions of PlayStation 3 users, when the company last month discovered that its data centers had been infiltrated and its customers' personal information most likely stolen.

Lawmakers, including Sen. Richard Blumenthal (D-Conn.) and Rep. Edward Markey (D-Mass.), made a fuss about the weeklong delay between the time Sony shut down its service and when it disclosed to its users that their information had been compromised.

The rebuke from policymakers prompted public apologies from senior Sony executives, including Chief Executive Howard Stringer and his heir apparent, Kazuo Hirai.

Sony has said it is working with the FBI to track down the hacker who illegally accessed its computers. A report by Bloomberg alleged that the infiltrator had rented Amazon.com's servers to launch the attack.

Meanwhile, it has been all hands on deck at Sony, whose employees have been working round the clock to reinforce its online security measures and restore the PlayStation Network and Qriocity music and movie services.

Sony said the process could take "several hours" to roll out across the country. The company has posted an online map that continually updates to show its progress in turning its services back on.

RELATED:

Sony CEO apologizes for PSN hacks, offers ID-theft insurance

Sony partially blames hacktivist group Anonymous for data breach

Sony says hacker may have stolen information from more than 90 million user accounts

-- Alex Pham

Photo: A man walks on a Sony PlayStation logo on the floor of an electronics store in Tokyo on April 27, 2011. Credit: Reuters/Yuriko Nakao

Sony's websites may be the next target for hackers in what would be a third cyber attack against the consumer electronics titan, according to a report from CNet.

An unidentified group of hackers said it was planning to attack Sony's websites this weekend in response to the anger over the way the Tokyo-based company has handled attacks against its PlayStation Network and cloud-based music service Qriocity, CNet said.

The hackers allegedly discussed the planned attack on an Internet Relay Chat channel, which is a private instant messaging system used to communicate in real-time, in text, across the Web, the report said.

"An observer of the Internet Relay Chat channel used by the hackers told CNET Friday that a third major attack is planned this weekend against Sony's Web site," CNet said, not naming who the observer was.

If the planned hack succeeds, those involved said they want to publicize some or all of the data they can siphon from Sony's servers, the report said. The attacks on Sony's servers so far have exposed personal information such as names, birth dates, addresses, email addresses and even credit card information.

The hackers communicating on the Relay Chat said they already have access to some of Sony's servers, CNet said.

The move to take down Sony's websites would be one made out of retaliation due to frustration with the way Sony has handled two previous attacks on its online services so far, the report said.

The first attack came in April, against servers for the PlayStation Network and Qriocity music service. Sony shut down the two online services on April 20 after discovering it had been hacked on April 19. Neither service has returned to public operation as of yet.

A second cyber-attack against Sony took place on Monday. For the follow-up attack, the target was Sony Online Entertainment's servers. That hack forced the company to shut down that division of its business, which builds and supports online multiplayer computer games such as EverQuest and the Matrix Online.

The weekend attack on Sony's websites would be the third attack against the company in recent weeks. It is unclear as to whether or not the first two, and possibly third, attacks have been performed by the same group.

Sony has lobbed some of the blame for its problems at the "hacktivist" group Anonomyous, but the group has denied any responsibility for the attacks.

The troubles for Sony's online services has led to frustration from Congress and the U.S. attorney general's office, both of which are looking for more information from Sony about how the incidents took place and what the company is doing to protect consumers.

Sony apologized for the massive security breaches; Sony CEO Howard Stringer apologized in a letter to PlayStation users while also announcing a $1-million identity theft insurance policy for affected U.S. users.

RELATED:

Sony CEO apologizes for PSN hacks, offers ID-theft insurance

Sony partially blames hacktivist group Anonymous for data breach

Sony says hacker may have stolen information from more than 90 million user accounts

-- Nathan Olivarez-Giles

Twitter.com/nateog

Image: A screenshot of Sony.com, which could be the next target for hackers attacking Sony. Credit: Sony

Sir Howard Stringer, Sony's chief executive, president and chairman, issued an apology for the hacking of the PlayStation Network and Qriocity music service, and the resulting outage of both online services since April 20.

In a letter posted on the PlayStation Blog, Stringer also said Sony has put in place a $1-million identity theft insurance policy to cover affected users.

"I know this has been a frustrating time for all of you," Stringer wrote in the first line of his letter posted late Thursday. "Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we've all experienced and on fixing it."

Stringer told service subscribers that the company will be "rewarding you for your patience."

"To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely," he wrote. "We are also moving ahead with plans to help protect our customers from identity theft around the world."

The $1-million identity theft insurance plan, which was announced in the letter, only covers U.S. users of the PlayStation Network and Qriocity, but Sony is planning announcements for other regions soon, Stringer wrote.

The PlayStation Network is Sony's online service which allows PlayStation 3 video game console owners to play online-enabled games with friends, as well as serving as a storefront to buy downloadable games, movies and music. Qriocity is Sony's subscription-based Web service which allows users to stream music from the cloud.

Sony has announced a "Welcome Back" package for affected users of both services, which is upwards of 90 million people. The package will offer one month of free PlayStation Plus membership for PlayStation Network users and extensions of subscriptions for PlayStation Plus and Qriocity customers "to make up for time lost," Stringer said.

"As a company we -- and I -- apologize for the inconvenience and concern caused by this attack," he wrote. "Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible."

Stringer also addressed concerns that Sony waited too long to notify customers of what was going on.

After shutting down the Web-based services on April 20, it wasn't until April 27 that Sony said personal information may have been accessed and on May 1, Sony said as many as 10 million credit card accounts may have been exposed to hackers in the network attack.

"I know some believe we should have notified our customers earlier than we did," Stringer wrote. "It's a fair question. As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had -- or had not -- been taken."

Stringer said Sony's investigation into just what happened is still ongoing and that the company is also upgrading its security measures to protect itself from future attacks.

"In the last few months, Sony has faced a terrible earthquake and tsunami in Japan," he wrote. "But now we are facing a very man-made event -- a criminal attack on us -- and on you -- and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible."

Stringer did not offer an exact date as to when the PlayStation Network or Qriocity would be up and running again, but said it would happen "in the coming days."

RELATED:

Sony partially blames Anonymous for data breach

U.S. attorney general launches probe into Sony data breach

Sony says hacker may have stolen information from 24.6 million additional accounts

-- Nathan Olivarez-Giles

twitter.com/nateog

Photo: Sir Howard Stringer, Sony president and chief executive, speaks during the Sony Media Technology Centre launch at a film school on the outskirts of Mumbai, India, on March 4. Credit: Danish Siddiqui / Reuters

Sony told U.S. lawmakers that the Internet vigilante group Anonymous indirectly allowed a network attack that exposed the personal data of millions of customers.

In a letter to the House Energy and Commerce Committee's panel on commerce, manufacturing and trade, Sony said that it discovered a file planted on one of its servers named "Anonymous" with the words "We are Legion," the tagline for the group that has brought down the websites of big corporations such as Visa, the letter said.

Sony's network may have been breached while it was defending itself against a denial-of-service attack from Anonymous, Sony said. The online activists were protesting a civil suit Sony brought in federal court in San Francisco against a hacker.

“Whether those who participated in the denial-of-service attacks were conspirators or whether they were simply duped into providing cover for a very clever thief, we may never know,” the letter said.

"Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information for illegal purposes,” the letter said. Sony said the company earned of the first breach on April 19 and shut down the PlayStation Network the following day. The company informed account holders that their personal data was potentially exposed about a week later.

In response, Anonymous released a statement Wednesday denying the allegations, but did allow that individual members may have been involved.

"Sony is incompetent," the group said. "While it could be the case that other Anons have acted by themselves AnonOps was not related to this incident and takes no responsibility."

Also on Wednesday, U.S. Atty. Gen. Eric Holder told the Senate Judiciary Committee that the Justice Department had opened an investigation into "those hacking situations that have gotten publicity over the last few weeks, the Sony incident among them."

New York Atty. Gen. Eric Schneiderman on Wednesday subpoenaed three Sony divisions -- Sony Computer Entertainment, Sony Network Entertainment and Sony Online Entertainment -- for documents regarding their security, CNBC reported.

RELATED:

U.S. attorney general launches probe into Sony data breach

Sony says hacker may have stolen information from 24.6 million additional accounts

Sony says PlayStation Network credit-card data was encrypted

-- Shan Li

Photo: A customer watches a monitor of Sony's PlayStation 3 at a Tokyo electrical shop April 27. Credit: Yoshikazu Tsuno / AFP / Reuters

The Justice Department has opened an investigation into the security breach at Sony Corp., in which two separate attacks over the last month shut down Sony's PlayStation Network and an online-gaming unit.

"We have open investigations with regard to those hacking situations that have gotten publicity over the last few weeks, the Sony incident among them," U.S. Atty. Gen. Eric H. Holder Jr. told the Senate Judiciary Committee Wednesday, according to Reuters.

Federal prosecutors in San Diego are working with FBI agents to look into the alleged hacking crimes, the news agency said.

Also Wednesday, Sony responded to a congressional committee inquiry into the network attacks.

The company "has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyberattack designed to steal personal and credit card information for illegal purposes," Kaz Hirai, Sony's executive deputy president, wrote in the letter to the House Energy and Commerce Committee's panel on commerce, manufacturing and trade.

In the letter, Hirai said the company learned of the first breach on April 19 and shut down the PlayStation Network the following day. The company informed account holders that their personal data was potentially exposed about a week later.

"Throughout this challenging period, [employees] acted carefully and cautiously and strove to provide correct and accurate information while balancing concerns for our consumers' privacy and need for information," the letter said.

The attack on Sony's PlayStation Network and Qriocity music-streaming service compromised the personal information of 77 million customers accounts. On Sunday, the company suspended service for Sony Online Entertainment, best known for creating online multi-player games such as EverQuest and The Matrix Online, after an intrusion exposed personal data for about 24.6 million subscribers.

Sony apologized Saturday and announced several "welcome back" freebies for PlayStation customers, including 30 days of free access to Qriocity for affected customers as well as 30 days of access to the PlayStation Plus online game service. The company will also provide credit card protection services to relevant customers, Hirai said.

New York Atty. Gen. Eric Schneiderman on Wednesday subpoenaed three Sony divisions -- Sony Computer Entertainment, Sony Network Entertainment and Sony Online Entertainment -- for documents regarding their security, CNBC reported

Consumers have filed at least two lawsuits in California against Sony and are seeking federal class-action status.

RELATED:

Sony says hacker may have stolen information from 24.6 million additional accounts

Sony online gaming unit shut down in second attack

Sony apologizes, says 10 million credit card accounts may have been exposed in network attack

-- Shan Li

Photo: Shot of Sony's EverQuest 2, one of the games created by Sony Online Entertainment. Credit: Sony Online Entertainment

Sony said Monday afternoon hackers may have stolen personal information from 24.6 million customer accounts registered at its Sony Online Entertainment game subsidiary in San Diego.

The compromised accounts were in addition to the 77 million accounts whose information was stolen between April 17 and April 19 on Sony's PlayStation Network, an online game and entertainment service for its PlayStation 3 console.

In addition, hackers were able to access credit card data from 12,700 credit cards and 10,700 direct debit accounts of non-U.S. customers who played Sony Online Entertainment's games, which include EverQuest 2 and Free Realms. Sony disclosed the details on its website.

The Japanese company suspended the online game service Sunday because of an intrusion into the company's computers. It had already shut down PlayStation Network on April 20.

Sony's forensic detectives are continuing to investigate the extent of the break-in, a process that could yield additional surprises over the next few days as the company works with the FBI to track down the intruder.

-- Alex Pham

Less than a week after news of a security breach sparked an uproar, Sony Corp. has shut down its online-gaming unit after a hacker infiltrated the network in the second such attack on the company in the last month.

Sony Online Entertainment, known for creating massive multi-player games such as EverQuest and The Matrix Online, suspended service Sunday night, according to a statement Monday.

"In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately," the statement said.

Two weeks ago, an attack on Sony's PlayStation Network and Qriocity music service exposed the personal information of 77 million customers accounts. Sony apologized and disclosed Saturday that 10 million credit card accounts may have been compromised during the security breach.

The company will give affected customers 30 days of free access to its Qriocity music-streaming service as well as 30 days of access to its PlayStation Plus online game service. The company will also provide credit card protection services to relevant customers, Kaz Hirai, Sony's executive deputy president, said during a news conference on Saturday.

The company has drawn the ire of both customers and lawmakers since the initial attack. A congressional subcommittee last week demanded answers to a detailed list of questions regarding security concerns, including when the breach occurred, how much data was stolen and why Sony waited a week before it notified customers.

Consumers have filed at least two lawsuits in California against Sony and are seeking federal class-action status.

 RELATED:

Sony says PlayStation Network credit-card data was encrypted

Sony: User data, possibly credit card info, taken in PlayStation Network hack

Sony apologizes, says 10 million credit card accounts may have been exposed in network attack

-- Shan Li

Photo: Sony's Playstation3 and its game controller are displayed at a showcase at an electronic shop in Tokyo on Sunday. Credit: Kim Kyung-Hoon / Reuters

Sony has revealed that 10 million credit card accounts may have been exposed two weeks ago when a hacker broke into the company's computers in San Diego and stole data from 77 million PlayStation Network accounts.

During a news conference in Tokyo on Saturday, Kaz Hirai, Sony's executive deputy president, offered the company's first public apology by an executive and promised to compensate customers.

"We offer our sincerest apologies," Hirai said, then bowed deeply in a Japanese custom showing regret, at the news conference, a recording of which can be viewed here.

Hirai said Sony would give affected customers 30 days of free access to its Qriocity music-streaming service as well as 30 days of access to its PlayStation Plus online game service. In addition, Sony said it will provide credit card protection services for the 10 million customers whose data were compromised.

Sony last week said it had encrypted credit card data, but not other account information, including names, addresses, email addresses and birth dates.

The break-in, which occurred between April 17 and April 19 but was not disclosed until April 25, drew furor from U.S. lawmakers, who last week demanded more information from Sony about the intrusion and why the company took a week before notifying its customers.

Sony has maintained that the company acted as quickly as it could to ascertain the nature of the break-in, hire security experts and assess the scope of the damage. During the news conference, Hirai offered a time line of the events, saying the company was notified of the intrusion on April 19 and shut down the service on April 20 to investigate. It hired three firms to conduct a forensic analysis of its computers.

Clarifying an earlier statement that said consumer passwords were not encrypted, Sony said they were "hashed," a form of mathematical obfuscation that makes it difficult for a hacker to read the passwords.

-- Alex Pham

Photo: Speaking at a news conference Saturday, Kazuo Hirai, Sony's executive deputy president, is flanked by Shinji Hasejima, Sony's chief information officer, on the right, and Shiro Kambe, senior vice president of corporate communications. Credit: Sony Corp