Sony Hack Reveals Personal Details Of Film Stars

The recent hack of Sony Pictures has proved to be more damaging than first thought after the personal details of several major Hollywood stars were revealed.

Sony Pictures admitted late last month that it was hacked by #GOP, thought to be a group called Guardians of Peace, initially thought to originate from North Korea, although officials have denied it was behind the hack.

Blackmail Hack

The hack seemed to be a blackmail attempt, as the #GOP hackers also defaced a number of staff computers, with the following message.

“Hacked By #GOP,” it reads, “Warning: We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your internal data, including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world. Determine what will you do till November the 24th, 11:00 PM (GMT).”

But now the hackers have exposed the personal details of some Hollywood stars, as well other details. According to Bloomberg, the hackers exposed salaries at Deloitte Touche and studio head Michael Lynton’s credit-card number. But they reserved their full attention for the film “The Interview,” a Seth Rogen comedy about a plot to kill to the leader of North Korea.

According to files posted on the file-sharing site Pastebin, Seth Rogen was paid $8.4m (£5.4m) plus for the movie, which cost $44m (£28m) to make. Co-star James Franco received $6.5m (£4.1m), while Britney Spears’ ex-husband Kevin Federline is listed as getting $5,000 (£3,187) for a cameo.

The hackers also revealed documents about executive pay, social security numbers of employees and movie stars, scripts for not-yet-aired TV shows, as well as putting five Sony films online for free at file-sharing websites alongside employee reviews.

Shoddy Password Protection

And it seems that Sony Pictures was guilty of poor internal security procedures. It has been reported that Sony had kept their users’ passwords in a folder called “passwords”.

“The fact that Sony had thousands of passwords in a folder called Password is not the problem, the problem is that they were not properly encrypted!” said Lancope CTO, TK Keanini. “Think about it for a second. It is a good practice to use a password manager, and that is essentially keeping everything in a folder called password with one major difference – it is properly encrypted so that even if the adversary had it in their possession, they cannot read it without proper credentials.”

“There were many major mistakes made at Sony, but the question everyone should be asking is why does it take a major incident to find these mistakes, why didn’t anyone catch these incredibly obvious insecurities prior to the incident and fix them?” asked Keanini.

“Companies in the information age need to understand that they are all software companies and need proper information security. The movie industry, like the music industry, woke up one morning to realize that they were now a software company with most of their media in information form,” the security expert said. “This same transition is happening with the healthcare industry as medical records all lose their physical forms and with that their physical security.”

Sony is having a torrid time of it on the security front. In August, Sony’s PlayStation Network was taken offline for several hours by a distributed denial-of-service (DDoS) attack, that also affected other online gaming networks, including Blizzard’s, Grinding Gear Games and Microsoft’s Xbox Live.

Sony’s most serious hack was back in 2011. That attack on the Playstation Network took it offline for a week, and led to the compromise of 77 million users’ credit card details. The damage and fallout however from this new hack could be potentially much worse.

How well do you know data security? Take our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Google Must Face Trial In Ad Tech Monopoly Case

Google loses bid for summary judgement as judge says 'too many facts in dispute' as…

5 hours ago

Silicon In Focus Podcast: Feeding the Machine

Learn how your business can meet the challenges associated with managing data across multiple platforms…

5 hours ago

Apple, Meta Likely To Face EU Antitrust Charges

Apple, Facebook parent Meta reportedly likely to face EU antitrust charges before August under new…

5 hours ago

Adobe Shares Jump On AI Success

Adobe shares post biggest gains in more than four years after it reports user take-up…

6 hours ago

Winklevoss’ Gemini To Pay $50m In Crypto Fraud Settlement

Winklevoss twins' Gemini Trust to pay $50m to settle cypto fraud claims over failed Gemini…

6 hours ago

Meta Delays EU AI Launch After Privacy Complaints

Meta delays Europe launch of AI in Europe after user, privacy group complaints over plans…

7 hours ago