Sony is definitely one of the hackers’ favorite targets. The company was the victim of the theft of personal information from nearly 7,000 employees who received special protection against identity theft.
At the end of May, the hacker group CL0P broke into the servers of the Sony Interactive Entertainment (SIE) group, which manages everything related to the PlayStation. After exploiting a “zero-day” SQL vulnerability in the MOVEit Transfer platform, Hackers have stolen the personal information of 6,791 current and former American employees of SIE.
A limited incident
The action was carried out on May 28th, Sony discovered the illegal data download on June 2nd and immediately deactivated the platform to fix the problem. An investigation was initiated with the support of IT security experts; Law enforcement agencies have also come under scrutiny. Sony says the incident was limited to this platform only and had no impact on the rest of its infrastructure.
At the end of June, the ransomware company CL0P added Sony to its list of victims, without the company having publicly communicated on this topic to date. However, it provided tools that allowed victims to protect their identities (Equifax).
This new hack has nothing to do with the one that made headlines a few days ago and was claimed by RansomedVC. Since then, another hacker group, MajorNelson, claims to have carried out the trick, in this case stealing 260GB of data. It is difficult to assign responsibility for this, but the evidence presented by both parties shows that the data in question is identifiers for internal systems, a license generation tool, certificates, etc.
Read: Should we be worried about Sony hacking?
Source: Bleeping Computer