Sony Pictures hackers release passwords, employee social security numbers, salaries and more

Shawn Knight

Posts: 15,256   +192
Staff member

hackers sony passwords social security numbers sony hack guardians of the peace

The flood of sensitive information coming out of the recent cyber attack against Sony Pictures seemingly knows no bounds. Nearly half a dozen unreleased Sony films hit piracy websites in the wake of the security breach but now, the nefarious attackers who refer to themselves as the Guardians of the Peace have published a wealth of personal data associated with both former and current Sony employees.

Data-security firm Identity Finder LLC recently combed through some 33,000 documents leaked as a result of the attack. What they found was quite alarming: salaries, social security numbers, home addresses and more on over 47,000 Sony employees including big Hollywood celebrities like Sylvester Stallone, director Judd Apatow and Australian actress Rebel Wilson.

Identity Finder noted that much of the information was found in non-password protected Excel files.

A joint investigation between Sony, the FBI and security firm FireEye revealed that the malware used in the attack was created on a machine with Korean language settings during Korean peninsula normal business hours. It was very similar in design to malware used against South Korean banks and TV stations a year ago, sources said.

Sony is reportedly offering affected employees a free year of credit monitoring and fraud protection. What’s more, Sony’s lawyers are said to be trying to get links to the sensitive data removed from various websites but as the Wall Street Journal notes, once something like this his file-sharing networks, it’s virtually impossible to scrub from existence. 

Permalink to story.

 
The serious lack of respect for data security is off the charts.

Plain-Text passwords in an unencrypted spreadsheet saved in a folder called Passwords? Seriously?

C'mon, that's beyond amateur
 
I'd be annoyed if I saw the salaries. Just knowing what some people earn for doing absolutely nothing would make me jealous knowing that I could do same thing far better than them not to mention the fact I'm probably better qualified and I practice at it ceaselessly. :D
 
Well, f*** them hackers. One thing is going against a company (abstraction of people) than against individuals targeted arbitrarily. On the other side, shame on SONY for such amateur worst practices as John C Bell commented before.
 
This is not, the first time that this kind of attack against Sony happens. It has happened in the past, has happened again and will happen again, unless Sony does something about it.
 
Perhaps what the hackers were going for was to make note-worthy how simple the security measures were for Sony.

It wouldn't be surprising that making the statement of how insecure such large corporations realistically can be, could have been part of the intention.
 
Back