Sony Hack Reveals Personal Details Of Film Stars

The recent hack of Sony Pictures has proved to be more damaging than first thought after the personal details of several major Hollywood stars were revealed.

Sony Pictures admitted late last month that it was hacked by #GOP, thought to be a group called Guardians of Peace. The group was initially thought to originate from North Korea, although officials have denied that North Korea was behind the hack.

Blackmail Hack

The hack seemed to be a blackmail attempt, as the #GOP hackers also defaced a number of staff computers with the following message:

“Hacked By #GOP,” it reads, “Warning: We’ve already warned you, and this is just a beginning. We continue till our request be met. We’ve obtained all your internal data, including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world. Determine what will you do till November the 24th, 11:00 PM (GMT).”

But now the hackers have exposed the personal details of some Hollywood stars, as well as other details. According to Bloomberg, the hackers exposed salaries at Deloitte Touche and studio head Michael Lynton’s credit-card number. But they reserved their full attention for the film “The Interview,” a Seth Rogen comedy about a plot to kill the leader of North Korea.

According to files posted on the file-sharing site Pastebin, Seth Rogen was paid $8.4m (£5.4m) plus for the movie, which cost $44m (£28m) to make. Co-star James Franco received $6.5m (£4.1m), while Britney Spears’ ex-husband Kevin Federline is listed as getting $5,000 (£3,187) for a cameo.

The hackers also revealed documents about executive pay, social security numbers of employees and movie stars, scripts for not-yet-aired TV shows, as well as putting five Sony films online for free at file-sharing websites alongside employee reviews.

Shoddy Password Protection

And it seems that Sony Pictures was guilty of poor internal security procedures. It has been reported that Sony had kept their users’ passwords in a folder called “passwords”.

“The fact that Sony had thousands of passwords in a folder called Password is not the problem, the problem is that they were not properly encrypted!” said Lancope CTO, TK Keanini. “Think about it for a second. It is a good practice to use a password manager, and that is essentially keeping everything in a folder called password with one major difference – it is properly encrypted so that even if the adversary had it in their possession, they cannot read it without proper credentials.”

“There were many major mistakes made at Sony, but the question everyone should be asking is why does it take a major incident to find these mistakes, why didn’t anyone catch these incredibly obvious insecurities prior to the incident and fix them?” asked Keanini.

“Companies in the information age need to understand that they are all software companies and need proper information security. The movie industry, like the music industry, woke up one morning to realize that they were now a software company with most of their media in information form,” the security expert said. “This same transition is happening with the healthcare industry as medical records all lose their physical forms and with that their physical security.”

Sony is having a torrid time of it on the security front. In August, Sony’s PlayStation Network was taken offline for several hours by a distributed denial-of-service (DDoS) attack that also affected other online gaming networks, including Blizzard’s Battle.net, Grinding Gear Games and Microsoft’s Xbox Live.

Sony’s most serious hack was back in 2011. That attack on the PlayStation Network took it offline for a week, and led to the compromise of 77 million users’ credit card details. However, the damage and fallout from this new hack could potentially be much worse.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long-standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
