The fallout from Sony Pictures’ hacking continued today, with the Wall Street Journal reporting that 47,000 sets of personal details – including those belonging to Hollywood names like Sylvester Stallone, Rebel Wilson and Judd Apatow – have been posted online.
It isn’t just celebrities targeted by the data breach, however, with the number also including current, former and freelance Sony employees, Time Magazine states. The data leaked includes includes social security numbers, contracts and taxpayer identification numbers. The data on ex-employees goes as far back as the year 2000, allegedly.
The leak occurred last week, reported by We Live Security here. It involved the leaking of five Sony films, four of them currently unreleased, and had news sites speculating the involvement of North Korean hackers as vengeance for an upcoming movie depicting the planned assassination of Kim Jong-Un. Things went from bad to worse for Sony when it was alleged that the company’s own PlayStation servers were being used to distribute the stolen data.
Forbes, which described the leak as “a cybercriminal goldmine” states that the leak goes beyond those who ever worked with the company, with “even those who simply applied to work at the company embroiled in the mess.” Resumes and immigration documents contain lots of identifiable information which could aid cybercriminals in fraud and identity theft.
Buzzfeed, which has undertaken a deep investigation into the Sony Pictures hacking, claims that much of the sensitive data, including passwords, was kept in plainly labeled files, such as ‘password list.xls’ and ‘YouTube login passwords.xlsx’. “One of the first and oldest rules of password management and security strongly cautions that users never write down password information,” the article says.
Debby Wong / Shutterstock.com