Sony Pictures leak reveals passwords, certificates

December 4, 2014 | 11:45

Tags: #attack #breach #data-breach #gop #guardians-of-peace #insecurity #leak #malware #north-korea #privacy #security

Companies: #sony-pictures

Things appear to be getting worse for Sony Pictures with regard its recent data breach, with additional files being leaked including encryption certificates, passwords and employees' personal data.

The company fell victim to a data breach by a group calling itself GOP, or Guardians of Peace, late last month. While the group claimed to have made demands of the company with the threat of the stolen data being published, the exact nature of these demands has yet to be made public - although that hasn't stopped the rumour-mill calling it everything from an insider job seeking cash to claims that Sony was to issue a statement denouncing the attack as a North Korean protest against an upcoming film - a claim Sony says is untrue. The attack is claimed to have effectively shut down Sony Picture's entire network, and led to the leaking of unreleased films earlier this week.

To have its unreleased films put on file-sharing sites is bad news for Sony, but reports indicate things are getting worse. The Next Web has published files shared by an anonymous individual claiming to be 'the boss of GOP' which appear to include username and password details for its internal servers, social media accounts, and even encryption certificates and their private keys. An internal memo obtained by newswire AFP and published in part by The Guardian confirmed that 'a large amount of confidential Sony Pictures Entertainment data has been stolen by the cyberattackers, including personnel information and business documents,' calling the breach and subsequent leaks 'malicious criminal acts.' So far, the attackers have leaked only around 50GB of a claimed 100TB trove of data.

Sony has indicated that it is continuing to work with law enforcement, but aside from a denial that it was to name North Korea as the source of the breach has not yet publicly confirmed exactly what data has been taken nor what actions it is taking to protect itself and its staff from the consequences of the breach.
Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04