October 28, 2016

Sony hack shows that the company kept passwords stored in a folder called “Password”

(LiveHacking.Com) – Sony Pictures Entertainment has been hacked and it has been hacked hard. Over 40GB of data has been released on the Internet. The trove of data includes scripts and documents about salaries and film budgets. It is being described as “probably the worst corporate hack in history.” A group called Guardians of Peace, which may be affiliated with North Korea, has claimed responsibility for the cyber attack. It is thought that North Korea is upset at Sony Pictures’ new movie The Interview, which satirizes the country’s dictator Kim Jong Un.

As experts and journalists continue to pore over the data, one bizarre item has been found. According to Buzzfeed, the latest data dump included a folder called “Password.” In it there were 139 Word documents, Excel spreadsheets, zip files, and PDFs containing thousands of login credentials for Sony Pictures’ internal computers, social media accounts, and web services accounts. The files used very convenient naming conventions like “password list.xls” or “YouTube login passwords.xlsx.”

Among the passwords were details of SPE’s social media accounts including Facebook, YouTube, and Twitter. One thing is for sure: SPE is going to need to change a lot of passwords, and it needs to do it fast! There are also documents which contain passwords for a variety of other services including Amazon, FedEx, Lexis/Nexis, and Bloomberg.

The situation could get worse for Sony over the next few days. The hackers have indicated that this latest dump is only the start of a series of planned data dumps to the Internet. The hackers claim to have taken over 100TB of data from SPE, of which we have only seen a fraction so far.

The seriously troubling thing about this latest hack is that it isn’t the first time that Sony has been targeted. Sony Pictures Entertainment websites were breached in 2011 by a group known as LulzSec. As a result of the breach LulzSec published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony. That breach occurred only a few weeks after Sony confirmed a breach to its PlayStation Network that exposed millions of personal user records. Then last, but not least, in 2012 hackers claimed to have accessed Sony’s servers and downloaded Michael Jackson’s entire back catalog, worth some $253 million.

Sony Hacked Again – This Time Sony Pictures Targeted

Reuters are reporting that the servers running the Sony Pictures Entertainment websites have been breached by a group known as LulzSec. The same group have claimed responsibility for past attacks against PBS television and Fox.com. As a result of the breach LulzSec has published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.

“From a single injection, we accessed EVERYTHING,” the hacking group said in a statement. “Why do you put such faith in a company that allows itself to become open to these simple attacks?”

This latest security breach comes on the heels of two separate breaches in April. Sony took down its online PlayStation Network on Wednesday 20th April when it spotted unauthorized access to the network by hackers on the preceding three days (April 17 to April 19, 2011). Sony later confirmed that certain PlayStation Network and Qriocity service user account information was compromised.

Later, Sony revealed that the breach of its servers was much larger than originally reported. Initially Sony revealed that some 77 million user records were exposed during a breach of the PlayStation Network (PSN); however, it then reported that 24.5 million Sony Online Entertainment user records had also been stolen.

Reuters has confirmed the authenticity of the data with several of the contestants whose details were published.