Support NeoGAF

[Draugoth]

Sony Interactive Entertainment has confirmed that around 6,800 current and former employees have had their personal information exposed.

As reported by BleepingComputer, the PlayStation maker has been contacting those affected and letting them know what happened.

According to Sony, the breach involved the MOVEit file transfer platform used by SIE employees, which is developed by third-party IT vendor Progress Software.

Progress announced on May 31 that it had discovered a vulnerability in MOVEit, but three days before this, an “unauthorised actor” had already used the vulnerability to download SIE files, accessing personal information for 6,791 current and former SIE employees based in the United States.

Sony claims the incident was limited to this particular software platform and had no impact on its other systems.

 

[Unknown?]

All companies should keep this crap on paper.

 

[FoxMcChief]

I wonder if this includes the folk that were laid off.

“Bye! Oh, and sorry for compromising your personal info. And don’t tell people.”

 

[Elder Legend]

Lawsuit incoming?

 

[shaddam]

Never heard of this before.

 

[Thick Thighs Save Lives]

Phew, no customer data breach means I don't have to cancel my CC.

 

[Gudji]

No free games?

 

[RagnarokIV]

No free games...

Edit: beaten to it!

 

[TheThreadsThatBindUs]

Wonder if they found the IT admin's secret porn folder?

 

[RagnarokIV]

Wonder if they found the IT admin's secret porn folder?

They'll never find C:\Program Files\Lucas Arts\Jedi Knight II\Stuff\More Stuff\nothing here\Pr0n

 

[Unknown?]

No free games?

Only for employees! Plus a pizza party.

 

[AlphaDump]

Damn.. that MoveIT vulnerability has popped a lot of organizations. Gotta patch your shit.

 

[TheThreadsThatBindUs]

They'll never find C:\Program Files\Lucas Arts\Jedi Knight II\Stuff\More Stuff\nothing here\Pr0n

Careful not to bury your vids too deep in the subfolder breadcrumbs. You'll hit the 255 character limit on files with long filenames and render those files unacceassible.

 

[nowhat]

Never heard of this before.

It was a huge breach not so long time ago. Many others apart from Sony were affected:

Unpacking the MOVEit Breach: Statistics and Analysis

How many organizations were affected by the MOVEit attack? This post looks at the statistics, and how we may be able to prevent similar attacks in future.

www.emsisoft.com

 

[Kilau]

After the Equifax hack, I just drive around like the LifeLock guy.

Spoiler

His identity was stolen over a dozen times in the first year lol.

 

[nowhat]

Not a good look for Sony for sure (although they certainly weren't the only ones affected), but this is not ransomware, nor do the script kiddies have "all of Sony's data".

 

[Fermbiz]

 

[adamsapple]

Jim left into hiding before his emails became public.

 

[nowhat]

Jim left into hiding before his emails became public.

At least Sony doesn't publish their emails by themselves.

 

[K' Dash]

It was a huge breach not so long time ago. Many others apart from Sony were affected:

Unpacking the MOVEit Breach: Statistics and Analysis

How many organizations were affected by the MOVEit attack? This post looks at the statistics, and how we may be able to prevent similar attacks in future.

www.emsisoft.com

was it something related to their security or did someone got their password stolen with a phishing email?

 

[nowhat]

was it something related to their security or did someone got their password stolen with a phishing email?

It was a vulnerability in a third-party file transfer program used by many (not just Sony by far, as the link will tell you). A particularly nasty vulnerability at that, which allowed remote code execution/access, and it was a true zero-day (meaning there was no patch when it started being exploited).