The hack is over—but the company’s woes have just begun.
As researchers and media organisations continue to dig through the mammoth quantities of highly sensitive internal company documents released after an unprecedented hack on Sony Pictures, serious questions are being raised about the Hollywood studio’s security procedures—with one former employee describing the “information security team” as a “complete joke.”
Gawker is reporting that within the terabytes of information leaked, thousands of passwords were stored in plaintext, with no attempt made to encrypt them. One file was helpfully named “Master_Password_Sheet.”
The nature of the passwords varies from the personal to the corporate—which may explain how the hackers, an anonymous group going by the moniker “Guardians of Peace,” were able to gain access to Sony-related social media accounts.
Some of these passwords are “tied to financial accounts like American Express,” or are attached to personal employee details.
Others were saved in plain sight, in a folder named “Password,” BuzzFeed reports, and include logins for pricey subscription news services including Bloomberg and Lexis/Nexis.
“It’s pretty common, I’ve seen, for large non-progressive organisations… to have precariously old ways of thinking,” a security expert told Gawker, “like that ‘their firewall will save them.’”
Meanwhile, a former Sony employee has spoken scathingly about the company’s security.
“Sony’s ‘information security team’ is a complete joke,” they told Fusion. “We’d report security violations to them and our repeated reports were ignored. For example, one of our Central European website managers hired a company to run a contest, put it up on the TV network’s website and was collecting personally identifying information without encrypting it.”
In another incident, “a hack of our file server about a year ago turned out to be another employee who left himself logged into the network (and our file server) in a cafe.”
“The real problem lies in the fact that there was no real investment in or understanding of what information security is,” said another former employee.
The data released in the hack—which is around a hundred terabytes in size—includes tens of thousands of social security numbers, personal addresses, detailed medical information and dates of birth for those on the Sony payroll, as well as screeners for upcoming films.
Sony isn’t the only company whose security credentials may be called into question over the hack. Deloitte has also suffered the leak of thousands of employees’ details due to a former employee keeping the files—which, as the New York Times points out, is excruciatingly embarrassing for a company that “aggressively [markets] its digital threat intelligence services and has been providing advice to corporations about how to protect data from employee leaks.”
H/T Gawker | Illustration by Rob Price
Rob Price is a technology and politics reporter who served as the U.K.-based morning editor for the Daily Dot until 2014. He now works as the news editor for Business Insider, and his work has appeared in Vice, Slate, the Washington Post, and the Independent.