Highlights
- Sony has confirmed two major data breaches occurred this year, with personal information of over 6,000 people potentially being exposed.
- The first breach occurred in May, compromising the data of 6,791 individuals in the US, while the second breach resulted in the theft of 3.14 GB of data.
- Sony is currently investigating both breaches and is offering credit monitoring and identity restoration services to those affected.
Sony has just confirmed that a security breach involving its online servers did take place earlier this year, and personal information was likely exposed as a result. PlayStation owners received a major scare last month when a ransomware group claimed to have broken into Sony’s online servers with the goal of stealing sensitive data and selling it online through encrypted proxies. The group reportedly attempted to ransom Sony for this information, only to be rejected.
Details about this supposed data breach were sparse at the time it was reported, but it is believed that the perpetrators managed to access less than 6,000 files from Sony Group Corporation and Sony Corporation consisting of various log files, Java resources, and HTML files, and many of them were said to feature Japanese characters. There was no mention of PlayStation hardware or user accounts in the initial breach reports, but the news was still alarming to Sony employees, and it appears that this cyberattack wasn’t a hoax as many had hoped.
PlayStation Portal Handheld Already Sold Out in Many Places
Despite some initial skepticism about its niche nature, the PlayStation Portal handheld is already sold out in many places around the globe.
In a new report by BleepingComputer, Sony confirmed that it suffered two major data breaches earlier this year, with the first taking place on May 28, just three days before a zero-day vulnerability in the MOVEit Transfer platform was discovered. This flaw allowed Clop ransomware users to extract Sony’s code remotely, which in turn led to the personal information of 6,791 people in the US being compromised. This virtual break-in was discovered on June 2, after which Sony launched an investigation into the matter with the help of external cybersecurity experts and law enforcement. So far, Sony believes that the incident was limited to that one particular software platform.
A second breach occurred late last month, with Sony reporting that up to 3.14 GB of data had been stolen from its online systems. Two separate hackers claimed to be responsible for this, with each one sharing a leaked dataset containing details for the SonarQube platform, certificates, Creators Cloud, incident response policies, a device emulator for generating licenses, and other information. Third-party forensics experts discovered that this breach occurred on a single Japanese server used for internal testing for Sony’s Entertainment, Technology, and Services business, which has since been taken offline while investigations continue.
Sony is assuring customers and business partners that there is currently no indication that personal data was compromised by this lattermost hacking, but it is still too early to know for sure. What is known is that Sony has suffered two major cyberattacks within the past four months, and the first resulted in the personal information of over 6,000 people potentially being exposed to malicious parties. Individual letters are being sent out to those affected by the breach, who are being offered credit monitoring and identity restoration services through Equifax from now until February 29, 2024.
Source: BleepingComputer