The recent hack of Sony Pictures has proved to be more damaging than first thought after the personal details of several major Hollywood stars were revealed.
Sony Pictures admitted late last month that it had been hacked by #GOP, thought to be a group called Guardians of Peace. The group was initially thought to originate from North Korea, although officials have denied that the country was behind the hack.
“Hacked By #GOP,” it reads, “Warning: We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your internal data, including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world. Determine what will you do till November the 24th, 11:00 PM (GMT).”
But now the hackers have exposed the personal details of some Hollywood stars, as well as other details. According to Bloomberg, the hackers exposed salaries at Deloitte Touche and studio head Michael Lynton’s credit-card number. But they reserved their full attention for the film “The Interview,” a Seth Rogen comedy about a plot to kill the leader of North Korea.
According to files posted on the file-sharing site Pastebin, Seth Rogen was paid $8.4m (£5.4m) plus for the movie, which cost $44m (£28m) to make. Co-star James Franco received $6.5m (£4.1m), while Britney Spears’ ex-husband Kevin Federline is listed as getting $5,000 (£3,187) for a cameo.
The hackers also revealed documents about executive pay, social security numbers of employees and movie stars, scripts for not-yet-aired TV shows, as well as putting five Sony films online for free at file-sharing websites alongside employee reviews.
And it seems that Sony Pictures was guilty of poor internal security procedures. It has been reported that Sony had kept their users’ passwords in a folder called “passwords”.
“The fact that Sony had thousands of passwords in a folder called Password is not the problem, the problem is that they were not properly encrypted!” said Lancope CTO, TK Keanini. “Think about it for a second. It is a good practice to use a password manager, and that is essentially keeping everything in a folder called password with one major difference – it is properly encrypted so that even if the adversary had it in their possession, they cannot read it without proper credentials.”
“There were many major mistakes made at Sony, but the question everyone should be asking is why does it take a major incident to find these mistakes, why didn’t anyone catch these incredibly obvious insecurities prior to the incident and fix them?” asked Keanini.
“Companies in the information age need to understand that they are all software companies and need proper information security. The movie industry, like the music industry, woke up one morning to realize that they were now a software company with most of their media in information form,” the security expert said. “This same transition is happening with the healthcare industry as medical records all lose their physical forms and with that their physical security.”
Sony is having a torrid time of it on the security front. In August, Sony’s PlayStation Network was taken offline for several hours by a distributed denial-of-service (DDoS) attack that also affected other online gaming networks, including Blizzard’s Battle.net, Grinding Gear Games and Microsoft’s Xbox Live.
Sony’s most serious hack was back in 2011. That attack on the PlayStation Network took it offline for a week, and led to the compromise of 77 million users’ credit card details. However, the damage and fallout from this new hack could potentially be much worse.