Sony’s IT security is a ‘joke,’ say former employees
The hack is over—but the company’s woes have just begun.
As researchers and media organisations continue to dig through the mammoth quantities of highly-sensitive internal company documents released after an unprecedented hack on Sony Pictures, serious questions are being raised about the Hollywood studio’s security procedures—with one former employee describing the “information security team” as a “complete joke.”
Gawker is reporting that within the terabytes of information leaked, thousands of passwords were stored in plaintext, with no attempt made to encrypt them. One file was helpfully named “Master_Password_Sheet.”
The nature of the passwords varies from the personal to the corporate—which may explain how the hackers, an anonymous group going by the moniker “Guardians of Peace,” were able to gain access to Sony-related social media accounts.
Some of these passwords are “tied to financial accounts like American Express,” or are attached to personal employee details.
Others were saved in plain sight, in a folder named “Password,” BuzzFeed reports, and include logins for pricey subscription news services including Bloomberg and Lexis/Nexis.
“It’s pretty common, I’ve seen, for large non-progressive organisations… to have precariously old ways of thinking,” a security expert told Gawker, “like that ‘their firewall will save them.’”
Meanwhile, a former Sony employee has spoken scathingly about the company’s security.
“Sony’s ‘information security team’ is a complete joke,” they told Fusion. “We’d report security violations to them and our repeated reports were ignored. For example, one of our Central European website managers hired a company to run a contest, put it up on the TV network’s website and was collecting personally identifying information without encrypting it.”
In another incident, “a hack of our file server about a year ago turned out to be another employee who left himself logged into the network (and our file server) in a cafe.”
“The real problem lies in the fact that there was no real investment in or understanding of what information security is,” said another former employee.
The data released in the hack—which is around a hundred terabytes in size—includes tens of thousands of social security numbers, personal addresses, detailed medical information and dates of birth for those on the Sony payroll, as well as screeners for upcoming films.
Sony isn’t the only company whose security credentials may be called into question over the hack. Deloitte has also suffered the leak of thousands of employees’ details due to a former employee keeping the files—which, as the New York Times points out, is excruciatingly embarrassing for a company that “aggressively [markets] its digital threat intelligence services and has been providing advice to corporations about how to protect data from employee leaks.”
H/T Gawker | Illustration by Rob Price
Rob Price is a technology and politics reporter who served as the U.K.-based morning editor for the Daily Dot until 2014. He now works as the news editor for Business Insider, and his work has appeared in Vice, Slate, the Washington Post, and the Independent.