Sony just can't catch a break. Just as the Japanese company was pulling itself out of the hole following the PSN and SOE hacks, a phishing site has been found living on Sony's servers. The site is hosted on a sub-domain of Sony's official Thailand site. Who's running this company's servers anyway?
Finnish security company F-Secure found the offending site earlier today at the address hdworld.sony.co.th. The scam is targeting the customers of an Italian credit card company. It's likely the same old story: bad guys get users to go to the fake site, input account information, steal account. The difference here is that the aforementioned bad guys managed to comprise a Sony server to run the scam.
F-Secure alerted Sony, who took the site offline. Additionally, services like OpenDNS have blocked the domain. In the grand scheme of things, this isn't the worst hack a company has faced, but after what happened, why didn't Sony go over their data with a fine tooth comb?