The hack of Sony Pictures is much more serious than previously thought, with thousands of Social Security numbers of past and present employees being posted online.
Previously, the hack resulted in networks being taken over, Twitter accounts being hacked, upcoming movies posted and the defacement of websites that belong to the company. The group behind the hack calls themselves the "Guardians of Peace," or #GOP.
"The most concerning finding in our analysis is the sheer number of duplicate copies of Social Security numbers that existed inside the files," said Identity Finder CEO Todd Feinman. "In this instance, some SSNs appeared in more than 400 different locations, giving hackers more opportunities to wreak havoc."
It's easy enough to rectify the situation if things like credit cards are stolen. Victims can simply call up their bank and have a new one issued. Social Security numbers, however, are another issue. The breach could take years for victims to rectify, according to Identity Finder.
The total number of Social Security numbers stolen is around 47,000, from both current and former employees. Even Hollywood celebrities weren't exempt from the hack, with the likes of Sylvester Stallone, Judd Apatow and Rebel Wilson being on the list.
An analysis of around 33,000 Sony documents found the personal data stolen dates back all the way to 2000, as well as information on one staff member who started at the company in 1955.
The hack also exposed emails sent between Sony executives, who discussed the "blah-ness" of Adam Sandler films.
"Although we manage to produce an innovative film once in awhile, Social Network, Moneyball, The Girl with the Dragon Tattoo, we continue to be saddled with the mundane, formulaic Adam Sandler films. Let's raise the bar a little on the films we produce, and inspire employees that they are working on the next Social Network," said an executive in an email.
Analysis by Kaspersky Labs reveals the malware used in the hack is particularly dangerous. It not only resembles "DarkSeoul" malware that was used against a number of South Korean companies last year, but it also resembles the "Shamoon" wiper code used against Saudi Aramco in 2012.
The Federal Bureau of Investigation has warned U.S. businesses this malware is particularly violent. The malware used against Sony could be used against other businesses.
It was originally believed North Korea was tied to the attack after complaints from the regime, related to upcoming movie The Interview, were ignored. The film follows two journalists, played by James Franco and Seth Rogen, who are hired by the CIA to assassinate North Korean leader Kim Jong Un. When asked if North Korea was behind the attack, officials from the country simply said "wait and see." Since then, however the North Korean government has denied involvement in the hack.
"Linking the DPRK to the Sony hacking is another fabrication targeting the country," said an unnamed North Korean diplomat. "My country publicly declared that it would follow international norms banning hacking and piracy."