The latest turn in the Sony hack occurred on Friday as multiple employees of Sony Pictures received an email allegedly from the individual or group responsible for the cyber attack. The email includes threatening language to Sony employees’ family members. Earlier in the day, new broke that the studio had saved thousands of company passwords in a folder called “passwords”. It forms part of a host of folders which have been posted online that also contain the personal details - including social security numbers - of 47,000 employees, including Hollywood stars Sylvester Stallone and Judd Apatow. Sony Pictures was hacked at the end of last month, with the company’s internal IT systems taken offline by a group calling themselves the Guardians of Peace or GOP, with some claiming they had links to North Korea.
Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely.
Sony email, allegedly from the hacking group, that was sent to some employees
The hackers are reported to have said they were aided by Sony employees. The attack could be in retaliation to the new James Franco and Seth Rogen movie where the two play journalists tasked with assassinating North Korean leader Kim Jong-Un. Both actors’ salaries for the movie have already appeared online as part of the leak. The attack also leaked Brad Pitt’s Fury online in high quality and sensitive data including home address and pay details of current and past employees, in one case dating back to 1955. Social media account password for major movie accounts were also part of the documents.
It’s just inconceivable someone these days would store sensitive data in a folder named password and certainly not an organisation that should have a very clear IT policy on good practice and safe storage of data.
Mark James, security specialist at anti-virus and web security firm ESET