Sony Pictures Hackers Put 47,000 Social Security Numbers Online

Sony Pictures Hackers Put 47,000 Social Security Numbers Online

image

The Breach shows that Sony Pictures data security was, and is a complete joke.

Sony Pictures Entertainment is the division of Sony that oversees production of films, cartoons, and television shows.

It's also the laughingstock of the cybersecurity world right now.

Last week, hackers broke into Sony Pictures and, among other things, leaked DVD rips of several movies online (including Fury, which just left first-run theaters). The attack is already expected to cost Sony tens of millions of dollars in losses.

But the problems extend beyond a few leaked DVD-quality downloads. Hackers, who used malware that's been seen online as far back as July stole over 33,000 documents and spreadsheets, including a whopping 47,000 social security numbers. The stolen numbers are from a Sony employee database of some sort, and range from rank-and-file Sony Pictures employees, to household names like Sylvester Stallone and Judd Apatow.

What's worse is that there was seemingly little in the way of security between the hackers and such sensitive information. The Guardian reports that employees were storing passwords in a folder labeled -- you guessed it -- "Password." The folder had several dozen documents and spreadsheets with passwords for internal computers, social media accounts, and various other web applications. All of the data has been uploaded to various filesharing/Usenet services by the hacker group responsible, called the Guardians of Peace (#GOP for short).

Images of Spaceballs, and President Skroob come to mind.

While unconfirmed, many believe the hack was executed by order of the North Korean government, which has a bone to pick with Sony Pictures over its upcoming film The Interview, in which Seth Rogen and James Franco are tasked with assassinating dictator Kim Jong-un.

On the bright side? At least it's not another Gmail hack.

Source: The Telegraph | The Verge

Permalink

So essentially this confirms that Sony has learned absolutely nothing since the PSN hack.

fix-the-spade:
So essentially this confirms that Sony has learned absolutely nothing since the PSN hack.

To be fair.. the larger the entity the harder it is to be secure. But seriously.. why did they have a DVD quality rip sitting on a network comput...oh right Yeah... convenience is the enemy of control.

Though I do suspect this was more than likely a bit of social hacking that computer hacking.

For fuck sakes! Hack this, hack that, hack everything. Why don't hackers just hack themselves a life!!

At this point, I really hope no one is stupid enough to still have personal info/credit card info stored with their PSN accounts...

All I can really do is shake my head and laugh. A folder for passwords labeled Passwords? Oh Sony, you so stupid.

Less incompetent corporations have gone bankrupt and ceased to exist. That this happened not once but twice, years apart, and Sony has changed nothing in the meantime, is nothing but pure stupidity.

I honestly doubt Sony will be around in 5 years. At the rate they're jettisoning ballast to stay aloft (getting rid of whole divisions, selling buildings, etc) I wouldn't be surprised if they're circling the drain in less than 12 months.

Sony really doesn't have a great track record for this stuff. My Cryptography professor constantly used Sony as his example for how a cryptosystem can be completely secure, and then be completely and entirely broken because someone didn't know how to use it.

Funny thing about the One-Time Pad. You only use it once.

By all sounds our computer science department puts a lot more expertise into security than Sony does. Absolutely nobody can read any user's passwords, and they certainly aren't stored on a spreadsheet.

WarpedLord:
At this point, I really hope no one is stupid enough to still have personal info/credit card info stored with their PSN accounts...

What you said. The world wants everything digital but whats the point when companies have crap security.

A-list celebrities are advised to change their Social Security numbers... oh wait you can't.

Seriously, it should be a massive felony to have people's Social Security numbers stored in anything that doesn't meet a rigorous series of security requirements. From what I understand, once somebody has that, they basically have your identity, period, forever.

It's funny how they got hacked by dial-up internet.

In all seriousness, what company makes a folder called PASSWORDS with EVERYONE'S PASSWORDS ON IT?!

Good. Not because the data was leaked or stolen, but because it seems there is a need of a major hack in sonys every division to have them institute even the basic level of security. they dont seem to be able to learn and if what Guardian says is correct then they dont seem to be able to even think.

Paradox SuXcess:
For fuck sakes! Hack this, hack that, hack everything. Why don't hackers just hack themselves a life!!

Yeah, who needs security, we can just tell hackers to get a life!

Steve the Pocket:
A-list celebrities are advised to change their Social Security numbers... oh wait you can't.

Seriously, it should be a massive felony to have people's Social Security numbers stored in anything that doesn't meet a rigorous series of security requirements. From what I understand, once somebody has that, they basically have your identity, period, forever.

the problem is different. the problem isnt storage of SS. the problem is setting up a completely ridiculous system that allows anyone with your SS number to do anything at all. the fault here is that of US government for once again having pants-on-head retarded system.

VincentX3:
It's funny how they got hacked by dial-up internet.

It would be if it wasnt so amazing they still accepted dialup connection types. they are so obsolete most networks dont even bother setting up for them.

As someone who doesn't live in the US of A, what exactly is a social security number and what does it do if it's stolen?

North Korean hackers? Seriously? The NK government couldn't find its arse with both hands, because it has no arse because famine.

fix-the-spade:
So essentially this confirms that Sony has learned absolutely nothing since the PSN hack.

This.

Sony clearly doesn't care about security at all.

Jiggle Counter:
As someone who doesn't live in the US of A, what exactly is a social security number and what does it do if it's stolen?

It's basically your ID number with the government, sort of like a credit card number. Read more on Wikipedia.

This is annoying. Steal movies.. fine. But to leak people's social security numbers is just evil. As an official form of ID (despite promises way back when Social Security became thing in the US of it never being used for ID), it's really treacherous for the individuals. The government really needs to do away with them, credit reporting bureaus need to stop taking them as ID... it's just bad for the individual, really bad.

Also, for all the people complaining about bad security, that is kind of a red herring in this situation. Security is constantly changing. If someone wants that information, they will get it. People forget this, but information security is always one step behind hackers. That is why security protocols constantly need updating and changing. I'm not defending Sony at all, don't get me wrong. Whole new security systems are created all the time, but as soon as hackers find out how to get in, there is no stopping them no matter how an update or updates fix the security holes. Security is a lock, and locks exist to keep honest people honest, but they don't stop criminals.

Jiggle Counter:
As someone who doesn't live in the US of A, what exactly is a social security number and what does it do if it's stolen?

It's an identifier for our Social Security system. At its inception is was promised that it would never be used as ID, but that promise was broken pretty quickly. Originally, it was only meant for the Social Security system and nothing else. But now it's used as an identifier in background checks on credit, which is the worst thing it can be used against you for. People also illegally immigrate into this country and live under false identities using other people's social security numbers which comes with a whole different set of pitfalls. The issue is, so far as the government is concerned, you are your social security number. It's actually a terrible system in them modern world. It wasn't a big deal back when they first started issuing them. But now my whole identity is wrapped up in a string of 9 numbers.

 

Reply to Thread

Posting on this forum is disabled.