Sony Cyber Attack Lesson #1: Don't Save Passwords in a Directory Called 'Password'

Just a week after suffering from a malware attack, which compromised its servers and made its films appear in file-sharing sites, Sony is again faced with a new round of hacking issues.

The latest data breach involves thousands of company passwords that were allegedly saved in the company's file directory under the label "Password." Based on the leaks that appeared online, the files include the Social Security Numbers of the company's 47,000 employees and some actors such as Rebel Wilson, Judd Apatow, and Sylvester Stallone.

On Nov. 25, Sony suffered from an attack on its servers, making its computer systems totally inoperable. Data breachers gained unlawful access to confidential employee data, which includes executive salaries.

Some of the company's upcoming films had also been compromised and shared on various file-sharing sites. One of these is Annie, which is scheduled for release on Dec. 19.

The breach occurred one month prior to Sony's release of The Interview. The movie is about a plot of the CIA to assassinate the leader of North Korea. It is starred by James Franco and Seth Rogen. The North Korean government described the movie as the "undisguised sponsoring of terrorism, as well as an act of war."

North Korea's disapproval of the film made the country a prime suspect in the attack. However, the country has denied any involvement.

The hackers, which called themselves Guardians of Peace, have once again attacked Sony by leaking a whole folder filled with social security numbers.

Some of the company's former employees were not surprised with the attacks.

"Sony's information security team is a complete joke, prone to ignoring reports about vulnerabilities," said the group, which has stressed the vulnerabilities on company sites, but the concerns only fell on deaf ears.

The latest attack compromises 139 Word files, Excel spreadsheets, PDFs, and zip files, which contain thousands of passwords to Sony's internal PC systems, web service accounts, and even social media accounts.

Most of these files carried a label in plain text and were not protected by a password. One of the uncovered files shows hundreds of usernames and passwords, which were clearly labelled as coming from the Twitter, YouTube, MySpace and Facebook accounts of the company.

Sony has yet to make a comment on the latest hacking incident. Earlier in the week, Michael Lynton, CEO of Sony Pictures Entertainment, and Amy Pascal, co-chairman, authored a company-wide memo that called the breach a "brazen attack on our company, our employees and our business partners."

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics