Sony confirms data breach in May – over 6000 people affected


Sony PS5

Sony Interactive Entertainment (Sony) has confirmed that it suffered a data breach on May 28, 2023. The company said that the breach impacted thousands of current and former staff and their families in the United States. The breach was discovered on June 2, 2023, and the platform was immediately taken offline and the vulnerability was remediated. Sony launched a probe with the help of external cybersecurity experts and notified law enforcement. Sony said the incident was limited to the particular software platform and had no impact on any of its other systems.

Russian Hackers

Number of people affected

Sony Interactive Entertainment recently sent emails to current and former staff to inform them of relevant matters. The matter relates to the leakage of personal data. Sony said in the announcement that it had sent emails to 6,791 Americans. The company has also invited them to confirm their identity and restore services through Equifax before February 29, 2024.

Details of the breach

The breach was caused by a flaw in the MOVEit vendor software, which was discovered by Sony in early June 2023. Sony stated that this intrusion was initiated by attackers through a zero-day vulnerability in the MOVEit Transfer platform. The vulnerability tracking number is CVE-2023-34362, which is a high-risk SQL injection vulnerability. It can remotely execute arbitrary code. Due to this flaw, the malicious hackers had illegal access to data from the platform. However, after the discovery of the breach, Sony took care of the situation immediately. The compromised data included personal info such as names, addresses, Social Security numbers, and dates of birth.

Probe and response

Sony launched a probe with the help of external cybersecurity experts and notified law enforcement. According to Sony, the incident did not have any impact on any other of its systems apart from the MOVEit vendor software. However, all current and former staff now have emails from Sony informing them of the breach.

Russian Hackers

Gizchina News of the week


Multiple hackers claim responsibility

In late September 2023, multiple malicious actors claimed to have stolen data from Sony, with 3.14GB of data allegedly belonging to Sony posted on dark web hacking sites. Two different malicious actors claimed to have stolen data from the technology company.

One of the groups, RansomedVC, claimed to have stolen 260GB during a cyber attack against Sony. The group made attempts to sell the data for $2.5 million. The other group, MajorNelson, refuted RansomedVC’s claims and leaked a sample of the data for free.

Read Also:  After exiting the US market, Kaspersky announces closure of UK branch

Sony’s previous data breaches

Sony has suffered several data breaches in the past, including a major breach in 2011 that exposed the personal information of millions of users. In August 2017, a hacker group accessed Sony’s social media accounts and deleted data from Sony systems using a variant of the Shamoon virus.

In July this year, Clop ransomware group used the MOVEit vulnerability to launch large-scale attacks. Sony discovered the attack three days later and discovered unauthorized downloads. Sony later temporarily disconnected the Internet and fixed the related issues.

Impact of the breach

The breach has potentially exposed the personal information of over 6,000 people, specifically 6,791 Americans. The leaked data include names, addresses, Social Security numbers, and dates of birth. Hackers can use this data to steal the identity of the owners as well as for other malicious purposes.

Conclusion

Sony has confirmed a data breach that impacted thousands of current and former employees and their families in the United States. The cause of the breach is a flaw in the MOVEit vendor software. It led to a leak of personal information such as names, addresses, Social Security numbers, and dates of birth. Sony has launched an investigation with the help of external cybersecurity experts and notified law enforcement. The incident did not have any impact on any of Sony’s systems apart from the MOVEit software.

Author Bio

Efe Udin, the author of this article is an expert tech blogger who has been blogging for about seven (7) years. His expertise is on tech brand performance and the political interface between the government or government agencies and tech companies.

Disclaimer: We may be compensated by some of the companies whose products we talk about, but our articles and reviews are always our honest opinions. For more details, you can check out our editorial guidelines and learn about how we use affiliate links.

Source/VIA :
Previous Google releases Emoji feature for Gmail mailboxes
Next Google pushes fall feature drop to Pixel Fold, Tablet and other phones

2 Comments

  1. October 5, 2023

    If you manage to find a trustworthy and reliable hacker, please don’t hesitate to write reviews and share just as I am doing now, so we would have less victims of fraudsters. I invested a sum of 310,000 USD to earn profits trading and lost my investments to a scam company. It turned out the Company operated as a Ponzi scheme. I did a lot of online searches for help, and tried to see if there were other people who had any similar experience. I stumbled upon a cryptocurrency forum where a couple of people mentioned that they had been through the same process but were able to recover their lost bitcoins with the help of this legit hacker, WIZARD JAMES RECOVERY. I contacted him via email wizardjamesrecovery ((@)) usa (.) com and he gave me his word that he will help me recover my funds. He did an excellent job and my funds were returned to me within 2 weeks. I will recommend anybody who wants to retrieve lost or stolen bitcoin funds lost to binary options forex, Crypto investment and any other form of online scam to reach out to WIZARD JAMES RECOVERY.

  2. October 5, 2023

    If you manage to find a trustworthy and reliable hacker, please don’t hesitate to write reviews and share just as I am doing now, so we would have less victims of fraudsters. I invested a sum of 310,000 USD to earn profits trading and lost my investments to a scam company. It turned out the Company operated as a Ponzi scheme. I did a lot of online searches for help, and tried to see if there were other people who had any similar experience. I stumbled upon a cryptocurrency forum where a couple of people mentioned that they had been through the same process but were able to recover their lost bitcoins with the help of this legit hacker, WIZARD JAMES RECOVERY. I contacted him via email wizardjamesrecovery ((@)) usa (.) com and he gave me his word that he will help me recover my funds. He did an excellent job and my funds were returned to me within 2 weeks. I will recommend anybody who wants to retrieve lost or stolen bitcoin funds lost to binary options forex, Crypto investment and any other form of online scam to reach out to WIZARD JAMES RECOVERY.