Security Experts:

Sony Hackers Dump Personal Data on 47,000 People, Celebs Included

The attackers behind the recent devastating hack against Sony have leaked what appears to be sensitive personal data on roughly 47,000 individuals, including celebrities, according to a company that has analyzed the files.

Sony Pictures acknowledged earlier this week that a “brazen” cyber attack resulted in hackers getting their hands on a "large amount" of confidential data, including customer information and unreleased movies, as well as employee and other corporate files.

“Some SSNs appeared in more than 400 different locations, giving hackers more opportunities to wreak havoc," said Todd Feinman, President and CEO, Identity Finder, a firm that analyzed the files allegedly taken from Sony and released by the attackers.

After running the files though its “Sensitive Data Manager” solution, Identity Finder discovered the following buried within various leaked files:

• 601 files containing SSNs

• 75 Acrobat PDFs

• 523 Excel spreadsheets

• 3 Word documents

• 47,426 unique SSNs

• 15,232 SSNs belonged to current or former Sony employees

• 3,253 SSNs appeared more than 100 times.

• 18 files contained between 10,860 and 22,533 SSNs each.

• 1,123,798 copies of compromised SSNs

• The SSNs appeared more than 1.1 million times inside 601 publicly-posted files stolen by hackers.

"The most concerning finding in our analysis is the sheer number of duplicate copies of Social Security numbers that existed inside the files,” Feinman said.

Most files containing SSNs were accompanied by other personally identifiable information, such as full names, dates of birth and home addresses, which creates a clear path for criminals intent on committing identity fraud, Identity Finder said.

While the exposure of sensitive personal and corporate information is embarrasing and costly for Sony, significant damage also came as a result of the destructive malware that infected many systems across the company, forcing it to shut down its network and send employees home last week.

Why are fingers pointing at North Korea?

Reports show that the hackers may have links to North Korea, and used malware similar to threats used in destructive attacks on businesses in South Korea (DarkSeoul attacks) and the Middle East, including the “Shamoon” attacks against oil producer Saudi Aramco.

The attack came after North Korea warned of "merciless retaliation” over the planned release of an upcoming film called “"The Interview," a comedy about a CIA plot to assassinate North Korea leader Kim Jong-Un.

The FBI has launched an investigation into the attack, and also sent out a “flash alert” to warn organizations of a destructive piece of malware, assumingly the threat used against Sony.

Security firms, including Trend Micro and Kaspersky Lab, have released findings on the malware, which dive into more detail and explain some of the connections that could highlight a possible link to North Korea.  

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.