Sony’s IT security is a ‘joke,’ say former employees
The hack is over—but the company’s woes have just begun.
As researchers and media organisations continue to dig through the mammoth quantities of highly-sensitive internal company documents released after an unprecedented hack on Sony Pictures, serious questions are being raised about the Hollywood studio’s security procedures—with one former employee describing the “information security team” as a “complete joke.”
Gawker is reporting that within the terabytes of information leaked, thousands of passwords were stored in plaintext, with no attempt made to encrypt them. One file was helpfully named “Master_Password_Sheet.”
The nature of the passwords varies from the personal to the corporate—which may explain how the hackers, an anonymous group going by the moniker “Guardians of Peace,” were able to gain access to Sony-related social media accounts.
Some of these passwords are “tied to financial accounts like American Express,” or are attached to personal employee details.
Others were saved in plain sight, in a folder named “Password,” BuzzFeed reports, and include logins for pricey subscription news services including Bloomberg and Lexis/Nexis.
“It’s pretty common, I’ve seen, for large non-progressive organisations… to have precariously old ways of thinking,” a security expert told Gawker, “like that ‘their firewall will save them.’”
Meanwhile, a former Sony employee has spoken scathingly about the company’s security.
“Sony’s ‘information security team’ is a complete joke,” they told Fusion. “We’d report security violations to them and our repeated reports were ignored. For example, one of our Central European website managers hired a company to run a contest, put it up on the TV network’s website and was collecting personally identifying information without encrypting it.”
In another incident, “a hack of our file server about a year ago turned out to be another employee who left himself logged into the network (and our file server) in a cafe.”
“The real problem lies in the fact that there was no real investment in or understanding of what information security is,” said another former employee.
The data released in the hack—which is around a hundred terabytes in size—includes tens of thousands of social security numbers, personal addresses, detailed medical information and dates of birth for those on the Sony payroll, as well as screeners for upcoming films.
Sony isn’t the only company whose security credentials may be called into question over the hack. Deloitte has also suffered the leak of thousands of employees’ details due to a former employee keeping the files—which as the New York Times points out, is excruciatingly embarrassing for a company that “aggressively [markets] its digital threat intelligence services and has been providing advice to corporations about how to protect data from employee leaks.”
H/T Gawker | Illustration by Rob Price
Rob Price is a technology and politics reporter who served as the U.K.-based morning editor for the Daily Dot until 2014. He now works as the news editor for Business Insider, and his work has appeared in Vice, Slate, the Washington Post, and the Independent.