Sony Pictures Hack: Global employee database showing healthcare and salary information traded online
PlayStation server used to spread leaked data
The fallout from the destructive cyber-attack on the networks of Sony Pictures which happened last week, is set to continue as sensitive personal and financial information about almost 7,0000 employees is being traded online.
The hackers who claimed credit for breaching the security of Sony Pictures, released a huge trove of stolen data from the TV and film studio which includes a giant Microsoft Excel database which is a global database of all Sony Pictures employees.
Security researcher Brian Krebs reports that he has seen the file which is currently being traded on torrent networks and it includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals.
While Sony Pictures has not commented on the validity of the leak, checking the names against people found on LinkedIn, Krebs suggests the file is real and the details are up to date.
Tax records
The global employee database is not the only file stolen from the studio which is being traded online, with "another file appears to be a status report from April 2014 listing the names, dates of birth, [social security numbers] and health savings account data on more than 700 Sony employees."
There is also a file showing an internal audit carried out by accountancy firm Pricewaterhouse Coopers which includes includes screenshots of dozens of employee federal tax records and other compensation data.
The attack on Sony Pictures was carried out by a mysterious group of hackers known as the Guardians of Peace or GOP, who claim to have "tens of terabytes" of information stolen from the hard drives of computers at the studio.
The hackers have already released copies of five of Sony's films onto torrent sites including the Brad Pitt film Fury and the yet-to-be-released remake of Annie.
Sony Pictures have called in the FBI to investigate the attack as well as retaining the services of security experts Mandiant.
Reports in the last couple of days have suggested the attackers are working for the North Korean government and the reason for the attack on the studio is the upcoming release of the film The Interview. The film depicts a CIA plot to assassinate North Korean leader Kim Jong-Un and stars James Franco and Seth Rogen.
The FBI has issued a "flash warning" to all US businesses that "hackers have used malicious software to launch a destructive cyber-attack in the United States", marking the first major destructive cyber-attack waged against a company on US soil.
PlayStation server breach
Krebs, who has seen the FBI memo, adds that the report also says the language pack referenced by the malicious files is Korean, adding weight to the suggestion that the attack emanated from that part of the world.
The problems for Sony Pictures continue, with the studio struggling to get all of its systems back up and running, even eight days after the attack took place. Sony has brought back some systems on line, focusing first on those from which it generates revenues, including those involved with marketing and distributing its films and TV shows.
However, as well as the leaked data, there is a potentially bigger problem on the horizon for the company.
Security researcher Dan Tentler has uncovered proof that Sony's own PlayStation Network servers are being utilised by the hackers to serve up some of the 27GB of stolen data.
"Basically the attackers have hit Sony so hard that their main front-end web servers for the PlayStation Network are the machines serving up the compromised data," Tentler told Forbes.
While Sony Pictures and the Sony's PlayStation divisions are entirely separate, Tentler suggests that as there may be some crossover in promoting games based on films (such as the Transformers franchise) some of the email accounts compromised in the attack would have access to the servers.
"Think of it this way – if anyone in the organisation had email correspondence with someone at the PlayStation Network and talked about keys or credentials or whatever, then the attackers would have access to that data."
Sony has remained tight-lipped about the true extent of the problems caused by the attack, and while many security experts are privately confirming that that North Korea is the culprit, there has been very little hard evidence produced so far to back this up.
© Copyright IBTimes 2024. All rights reserved.