A week after it was brought to a standstill by a hacker group that may or may not have hailed from North Korea, things are getting even worse for Sony Pictures. The hackers that crippled the company's computer systems have now released a vast hoard of Sony Pictures' private documents onto the internet. An analysis of more than 33,000 documents showed that they displayed passwords to internal computers, credit cards, and social media accounts, as well as the Social Security numbers of 47,000 current and former Sony Pictures workers.
Among the affected are Hollywood celebrities such as Sylvester Stallone, Rebel Wilson, and Anchorman director Judd Apatow. According to The Wall Street Journal, the Social Security numbers can be found alongside salary information, home addresses, and contracts for Sony Pictures employees and freelancers. Some of the affected individuals reportedly stopped working for Sony Pictures as far back as 2000.
The files weren't encrypted
Buzzfeed says the information, now available on file-sharing services, was kept in documents with no encryption, and stored under plainly labeled filenames such as "YouTube login passwords.xlsx." In addition to YouTube, Facebook, Twitter, and MySpace logins, the documents also contained username and password information for corporate news and research services such as Bloomberg and Lexis/Nexis, information necessary to access expensive subscription-based data services such as ComScore, and the passwords for Sony Pictures' story department's email, Amazon, and FedEx accounts.
The attack on the company, perpetrated by a group calling itself #GOP, is thought to have come from North Korea. The country's leaders had previously threatened "merciless retaliation" if the United States didn't ban showings of The Interview, the Sony Pictures movie that sees Seth Rogen and James Franco try to assassinate North Korean supreme leader Kim Jong-un.
Investigators from Sony Pictures, computer security firm FireEye, and the FBI said that the hackers breached Sony's servers using similar methods to a 2013 attack on a series of South Korean banks and broadcasters. In emails to The Verge, people purporting to be responsible for the hack did not acknowledge the link to the totalitarian state, instead saying that the group wanted "equality." A self-identified hacker by the name of "lena" said that the group had help from Sony staff in order to access the information.
The documents contained passwords for social media, corporate research, and credit card accounts
Sony Pictures bosses responded to the breach on Tuesday, saying the attack was a "malicious criminal act" that left them "deeply saddened." The company says it will offer a year of free credit monitoring and fraud protection to current and former employees, but that may not be enough for workers whose Social Security numbers, contracts, and home addresses are now available to anyone on the internet.