Sony Pictures Entertainment instructed employees not to connect to corporate networks or email after it suffered a major hacking incident.
The company network was affected with company PCs featuring an image saying “We have obtained all your internal data including secrets and top secrets”.
According to Deadline, the computers in New York and around the world were infiltrated by a hacker, and a source said that it is “down, completely paralysed”
In a statement, a Sony Pictures Entertainment spokesperson offered a single answer to questions: “We are investigating an IT matter.”
According to The Next Web, some of the links on the image lead to ZIP files which contain a list of filenames of a number of documents pertaining to financial records, along with private keys for access to servers. The message shown on employees’ computers mentions “demands” that should have been met by 11pm GMT last night.
A source within Sony anonymously confirmed to TNW that the hack and image that have appeared on computers inside Sony Pictures is real, saying that “a single server was compromised and the attack was spread from there. We’re all going to work from home. Can’t even get on the internet.”
Back in 2011, Sony Pictures was attacked by the hacktivist group LulzSec which compromised over 1,000,000 users’ personal information, and administrator details of Sony Pictures (including passwords) along with 75,000 ‘music codes’ and 3.5 million ‘music coupons’.
Phil Lieberman, CEO of Lieberman Software Corporation, said: “This was a perfect example of sloppy IT security and a CISO that did not implement proper privileged identity management, or a disaster recovery backup plan for continuity of business. The consequences were a loss of control over his environment caused by a focus on convenience of IT rather than the security of the enterprise.
“The cost of IT security was perceived as too high vs. the benefit of convenience for their administrators. No doubt they will be looking for a new CIO and CISO soon as this team was unable to even do the basics of their job: security and business continuity (but they did manage to save money by not buying an effective set of security solutions).”