Sony Confirms Data Stolen in Two Recent Hacker Attacks – Source: www.securityweek.com

Sony this week shared information on the impact of two recent unrelated hacker attacks believed to have been carried out by a couple of known cybercrime groups.

One of the incidents is related to the investigation launched recently by Sony after a relatively new ransomware group named RansomedVC claimed to have compromised all of the company’s systems and offered to sell stolen data.

The screenshots the hackers initially made public to demonstrate their claims seemed to show that they obtained source code, access to Sony applications, and confidential documents. However, most of the content appeared related to Sony’s Creators Cloud media production solution, suggesting that their claims were exaggerated. 

In an updated statement on Wednesday, Sony told SecurityWeek that it has been investigating the claims with the help of third-party forensics experts and identified unauthorized activity on a single server located in Japan. The hacked server has been used for internal testing for the company’s Entertainment, Technology and Services (ET&S) business.  

“Sony has taken this server offline while the investigation is ongoing. There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected.  There has been no adverse impact on Sony operations,” the company said.

RansomedVC has now made available a 2Gb archive file allegedly containing information stolen from the Japanese electronics and entertainment giant. However, downloading the file does not seem to work at the time of writing. 

The second incident is related to the campaign in which the Cl0p ransomware group exploited a zero-day vulnerability in Progress Software’s MOVEit managed file transfer (MFT) software to gain access to the files of hundreds of organizations that had been using the product.

Cybersecurity firm Emsisoft has counted more than 2,300 impacted organizations and over 62 million individuals to date, but the numbers continue to increase. 

Sony was among the first major companies to be listed on the Cl0p leak website as a victim of the MOVEit hack. The company this week informed the Maine attorney general that nearly 6,800 people were impacted by the MOVEit attack. 

In notifications sent to impacted people, Sony said it discovered on June 2 that hackers had downloaded files from its MOVEit platform. 

The data breach impacts current and former employees of Sony Interactive Entertainment and their family members. 

The sample data breach notice published on the Maine attorney general’s website does not say exactly what type of information was compromised, but it does specify that it was personal information. In addition, Sony is offering free credit monitoring and identity restoration services to impacted individuals, which suggests the information is sensitive. 

Related: Sony Launches PlayStation Bug Bounty Program on HackerOne

Related: Sony Hackers Linked to Many Espionage, Destruction Campaigns

Related: N. Korea Calls Sony, Wannacry Hack Charges Smear Campaign