Trove of Sony financial data, passwords, movies leaked online

More than 40 gigabytes of Sony Pictures data have been published, and the hackers claim to have taken 100 terabytes.

The hackers who attacked Sony Pictures' network last month have released employee social security numbers, salary data, passwords, and other information online.

The Sony Pictures hack, which took place on November 24 and led to the shutdown of the studio’s entire computer network, is still unfolding. This week, hackers anonymously posted personal details of Sony employees – including social security numbers and the salary information for top executives – and copies of four unreleased Sony movies, including “Annie,” which is not scheduled for wide release until close to Christmas.

Then, on Thursday, documents containing thousands of passwords to Sony computers, social media accounts, credit cards, and Web services were leaked as well.

Sony Pictures is in full damage-control mode. The studio has reset its network and regained control of its sites, and is working with the FBI and security company FireEye to figure out what happened and how to prevent future attacks.

But the scale of the breach is staggering: 40 gigabytes of Sony data have already been posted online, and Guardians of Peace, the hacker group claiming responsibility for the attack, says that's a tiny fraction of the 100 terabytes (100,000 gigabytes) of information it nabbed. (According to Newsweek, the rest of the data hasn’t appeared online yet because the hackers don’t yet know how to share such a large amount of data.)

Many news reports have speculated that North Korea might have played a role in the hack as payback for “The Interview,” an upcoming Sony comedy starring James Franco and Seth Rogen as journalists who are given an assignment by the CIA to assassinate North Korean leader Kim Jong-Un. In June, the North Korean government said the movie’s release would be an “act of war,” and threatened a “resolute and merciless” response against the US if “The Interview” wasn’t banned.

But an anonymous North Korean diplomat denied that his country had anything to do with the Sony Pictures hack, telling the Voice of America that North Korea is “follow[ing] international norms banning hacking and piracy.” Sam Kassoumeh, the chief executive of analytics company ScoreCard, speculated in a phone conversation with Ars Technica that one or more Sony employees might have enabled the hack to happen, possibly in retaliation for layoffs the company made earlier this year.

The leaked passwords show that Sony Pictures could take its internal data security a little more seriously. Many of the passwords are stored unencrypted in Excel spreadsheets and Word files with names like “password list.xls.” BuzzFeed reports that many of the passwords were common words with numbers added to the end – precisely the kind of weak password security experts warn us not to use.

Since the hack, Sony Pictures has secured its accounts – and presumably tightened its password policies – but there’s no telling what other sensitive information the hackers gained that could still be published online.
