Sony Pictures corporate files stolen and released in cyberattack

Sony Pictures Entertainment's internal network was reportedly hijacked this week, and it seems corporate data has leaked on to the web.
Written by Charlie Osborne, Contributing Writer
Screen Shot 2014-11-28 at 11.55.27

Sony has quite the history with hacking and cyberattacks affecting its networks, and now a subsidiary of the company is coping with intrusion on internal networks.

Sony Pictures Entertainment, the television and movie arm of the tech giant, was hijacked this week. On Monday, employees at the company discovered a skull and message from either a group or individual on Sony's systems, threatening the leak of sensitive corporate data unless particular demands were met.

On Monday, the Sony website also reportedly displayed a message showing "#GOP," which may indicate a group called Guardians of Peace was behind the attack. The message read:

We've already warned you and this is just a beginning. We've obtained all your internal data including your secrets and top secrets [which will be released] if you don't obey us.

As reported by Ars Technica, several Twitter accounts belonging to the company were also briefly taken over, stating that CEO Michael Lynton "will surely go to hell," and displaying an image showing the executive's head within a hellish landscape.

Sony employees reportedly say the computer network was shut down as a precaution and it could take weeks before the situation is resolved.

In the meantime, data potentially stolen from Sony in order to make the tech giant bow to their demands has found its way online. A Reddit thread surrounding the security problem claims that the data includes files with passwords, password hints and copies of passports from actors who have starred in Sony films, as well as production crews.

The downloadable copy — which is now also available through torrent software — includes text files that list the data allegedly stolen, and email addresses for those who want the data to contact. The lists include a variety of information, including: 

  • .PDF files containing passwords and identity documents
  • Spreadsheets laden with passwords for accounting and research, as well as a file called "CA Breach Notification for User Names and Passwords (MoFo),"
  • Hundreds of Outlook .pst mailboxes
  • IT audit documents
  • Media files related to films not produced by Sony

Sony issued a statement concerning the network breach, curtly saying the company is investigating the "IT matter."

The firm has experience with security issues in the past. Sony's PlayStation network suffered a catastrophic breach in 2011 that resulted in the leak of personal information belonging to over 77 million users and cost the company over $15 million in compensation claims. Earlier this year, the electronics giant was hit by a DDoS attack, and threats to the president of Sony's Online Entertainment division, John Smedley, forced the executive's plane to be grounded.

Read on: In the world of security

Editorial standards