The hack is over—but the company’s woes have just begun.
As researchers and media organisations continue to dig through the mammoth quantities of highly sensitive internal company documents released after an unprecedented hack on Sony Pictures, serious questions are being raised about the Hollywood studio’s security procedures—with one former employee describing the “information security team” as a “complete joke.”
Gawker is reporting that within the terabytes of information leaked, thousands of passwords were stored in plaintext, with no attempt made to encrypt them. One file was helpfully named “Master_Password_Sheet.”
The nature of the passwords varies from the personal to the corporate—which may explain how the hackers, an anonymous group going by the moniker “Guardians of Peace,” were able to gain access to Sony-related social media accounts.
Some of these passwords are “tied to financial accounts like American Express,” or are attached to personal employee details.
Others were saved in plain sight, in a folder named “Password,” BuzzFeed reports, and include logins for pricey subscription news services including Bloomberg and Lexis/Nexis.
“It’s pretty common, I’ve seen, for large non-progressive organisations… to have precariously old ways of thinking,” a security expert told Gawker, “like that ‘their firewall will save them.’”
Meanwhile, a former Sony employee has spoken scathingly about the company’s security.
“Sony’s ‘information security team’ is a complete joke,” they told Fusion. “We’d report security violations to them and our repeated reports were ignored. For example, one of our Central European website managers hired a company to run a contest, put it up on the TV network’s website and was collecting personally identifying information without encrypting it.”
In another incident, “a hack of our file server about a year ago turned out to be another employee who left himself logged into the network (and our file server) in a cafe.”
“The real problem lies in the fact that there was no real investment in or understanding of what information security is,” said another former employee.
The data released in the hack—which is around a hundred terabytes in size—includes tens of thousands of social security numbers, personal addresses, detailed medical information and dates of birth for those on the Sony payroll, as well as screeners for upcoming films.
Sony isn’t the only company whose security credentials may be called into question over the hack. Deloitte has also suffered the leak of thousands of employees’ details due to a former employee keeping the files—which, as the New York Times points out, is excruciatingly embarrassing for a company that “aggressively [markets] its digital threat intelligence services and has been providing advice to corporations about how to protect data from employee leaks.”
H/T Gawker | Illustration by Rob Price
Rob Price is a technology and politics reporter who served as the U.K.-based morning editor for the Daily Dot until 2014. He now works as the news editor for Business Insider, and his work has appeared in Vice, Slate, the Washington Post, and the Independent.