Sony is definitely one of hackers’ favorite targets. The company has been the victim of identity theft for nearly 7,000 employees who will receive special identity theft protection.
At the end of May, the hacker group CL0P hacked the servers of the Sony Interactive Entertainment (SIE) group, which manages everything related to PlayStation. After exploiting a zero-day SQL security vulnerability on the MOVEit Transfer platform, hackers stole the personal information of 6,791 current and former American SIE employees.
The operation was carried out on May 28, Sony discovered the illegal data upload on June 2 and immediately deactivated the platform to fix the problem. An investigation was launched with the assistance of IT security experts; Law enforcement agencies were also confused. Sony clarifies that the incident was limited only to this platform and did not affect the rest of its infrastructure.
In late June, ransomware company CL0P added Sony to its list of victims, although the company had not publicly disclosed the move until today. However, the company has provided tools to allow victims to protect their identity (Equifax).
This new hack is unrelated to the one that made headlines a few days ago and was reported by RansomedVC. Since then, another hacker group, MajorNelson, has claimed to have pulled off the stunt, in this case stealing 260GB of data. It is difficult to assign responsibility for this, but evidence provided by both parties shows that the data in question relates to internal system identifiers, license generation tool, certificates, etc.
Read: Should we be worried about Sony being hacked?