PlayStation confirms data breach compromised info of about 6,800 employees

According to Sony, the breach was due to a vulnerability in a file sharing platform was caught only after an unknown actor accessed the files.

1

This week, Sony Interactive Entertainment has addressed a massive data breach that left around 6,800 current and former employees’ data exposed and collected by hackers and ransomware groups. This breach apparently may have taken place as early as late May, and seems to be due to a critical vulnerability that was identified in a file transfer platform the company was using at the time. Sony has begun contacting employees affected, setting them up with identity recovery and protection, and cooperating with authorities to identify those who unlawfully accessed said information.

Sony shared its full address of the matter earlier this week, as reported by BleepingComputer. The company states that the breach was in relation to the MOVEit file transfer platform, which was used by company employees to send files back and forth. Progress Software, the developers and maintainers of MOVEit, shared on May 31 that a major vulnerability had been discovered, but before the vulnerability had been patched, an unauthorized party accessed files through the vulnerability. It was through this that they accessed the personal info of around 6,791 current and former Sony Interactive Entertainment employees based in the United States.

FalconFeedsio tweeting on the breach of Sony employee information.
Back in June, cybersecurity Twitter FalconFeedsio shared that a ransomware group had placed Sony on its list of victims.
Source: FalconFeedsio

Following the breach, Sony reportedly sent an email to affected employees, of which a portion is shared below:

A ransomware group known as CL0P claimed responsibility for the breach, playing Sony on a list of “victims” it had targeted, as shared by cybersecurity Twitter FalconFeedsio. This also follows on the back of a recent and separate data breach in which a group known as Ransomed.vc claimed to have breached Sony’s systems and accessed a large amount of data throughout the company’s systems. Sony has stated it is also investigating that particular breach, but had little more to say at the time.

It seems that Sony and PlayStation are on the receiving end of a particularly abundant recent wave of cybersecurity breaches. We will continue to follow this and other Sony cybersecurity stories and updates as news becomes available.

Senior News Editor

TJ Denzer is a player and writer with a passion for games that has dominated a lifetime. He found his way to the Shacknews roster in late 2019 and has worked his way to Senior News Editor since. Between news coverage, he also aides notably in livestream projects like the indie game-focused Indie-licious, the Shacknews Stimulus Games, and the Shacknews Dump. You can reach him at tj.denzer@shacknews.com and also find him on Twitter @JohnnyChugs.

From The Chatty
Hello, Meet Lola