From details of named employees’ medical histories to an unreleased pilot script written by the creator of Breaking Bad , the unprecedented leak of Sony Pictures data will reverberate for a long time to come.
A hack, which some believe may have come from North Korea, will spice up this month's launch of "The Interview", a comedy about trying to kill the leader of North Korea.
Columbia Pictures
After sifting through almost 40 gigabytes of leaked internal data, one thing is clear: Sony Pictures appears to have suffered the most embarrassing and all-encompassing hack of internal corporate data ever made public.
The data dump, which was reviewed extensively by BuzzFeed News, includes employee criminal background checks, salary negotiations and doctor's letters explaining the medical rationale for leaves of absence. There are spreadsheets containing the salaries of 6,800 global employees, along with social security numbers for 3,500 U.S. staff. And there is extensive documentation of the company's operations, ranging from the script for an unreleased pilot written by Breaking Bad creator Vince Gilligan to the results of sales meetings with local TV executives.
The documents made public this weekend, covering the company's human resources, sales and marketing teams, among others, are just a fraction of approximately 100 terabytes of data the hackers claim to have taken from Sony. They say it will all be made freely available online, once they figure out how to distribute such an enormous amount of information.
A Sony Pictures spokesperson declined to comment on the specifics of the data released, but shared a brief statement saying the company "continues to work through issues related to what was clearly a cyber attack last week." Sony is "working closely with law enforcement officials to investigate the matter," it said.
The hackers, who call themselves the Guardians Of Peace, took credit for the attack this weekend, emailing members of the media with links to download dozens of compressed files, each containing vast troves of data stolen from the servers of Sony Pictures. Earlier, the hackers leaked high-quality video files of five unreleased Sony films. The box office impact of that release, analysts told BuzzFeed News, probably won't be that bad. But the broader cost to Sony of this new round of leaks — to its reputation, its employee morale, and its commercial standing — seems impossible to estimate.
The leak is particularly embarrassing because it comes just three and a half years after Sony and its gaming customers suffered through a three week long hacking nightmare that brought the company's Playstation gaming networks offline and compromised the personal and financial information of up to 25 million customers (though the company did not confirm how many accounts had financial information stolen).
In the days after the April 2011 breach, Sony enlisted three independent computer security and forensic consulting firms to assess its security infrastructure and identify the culprit of the hack, according to a letter from Sony to members of Congress. In the letter, Sony defended its decision to wait five days to admit its security had been compromised and called on the government to help make the internet safer. "We ask the Committee to consider as well the connection between data security and the cybercrimes and cyber terrorism that threaten to make the Internet unsafe for consumers and commerce," the letter read.
Years after that hack, Sony Pictures still seems to have a long way to go. One of the files leaked this weekend was a word document titled "Passwords" that contained an executive's computer, LotusNotes, and American Express usernames and passwords, as well as Amex credit card numbers, expiration dates, and 4 digit security codes.
An entrance gate to the Sony Pictures lot in Culver City, California
Fred Prouser / Reuters
The roughly 40 gigabytes of company information now available online sat on company servers without encryption, with a vast majority of the sensitive personal and financial files containing no password protection. Currently, the stolen data trove is available to download, potentially placing the information in the hands of any hacker, scammer, criminal, media organization or curious citizen who knows their way around a torrent file.
Sony Pictures employees now face the grim prospect of extremely personal information bouncing around the internet forever. The documents lifted from company servers include email exchanges with employees regarding specific medical treatments they are undergoing, while one disciplinary letter details a manager's romantic relationship and business travel history with a subordinate. None of the names on any of the files are redacted.
In some cases, extensive stores of personal employee files — documents that have nothing to do with Sony corporate business — were included in the breach. One document swept up in the hack outlines the breastfeeding diet of a senior executive.
Leaked performance evaluations cover, sometimes in great detail, how individual employees failed to live up to the expectations of their managers. There are also detailed compensation reports for Sony's executives, including their last three years of compensation at Sony, their target bonus, actual bonus, and base salary. It also compares them to similarly situated employees in other companies and reviews their proposed contracts for the next three years.
Alongside that: Salary information on almost 7,000 employees, from those on multimillion-dollar contracts to those earning less than $21,000.
Some believe the leak may have been the work of hackers backed by the North Korean government, which has expressed outrage at an upcoming Sony Pictures comedy film, The Interview, which is built around an attempt to assassinate North Korean leader Kim Jong Un. North Korean officials have previously described the unreleased film as an act of war, and in a letter to UN Secretary General Ban Ki-moon, the country's United Nations ambassador said the film was a form of terrorism.
When asked by the BBC on Tuesday if their country was responsible for the Sony Pictures hack, a North Korean government spokesperson replied "wait and see."
And this may be just the beginning. "We have much more interesting data," the hackers said in an email sent to media, including BuzzFeed News. "If you find special interest, send an email."
Matthew Zeitlin, Joe Bernstein, and Anne Helen Petersen also contributed reporting to this story.
via IFTTT
No comments:
Post a Comment