Sony Data Breach Confirmed Via MOVEit Vulnerability


After days of speculations regarding a potential data breach at Sony, the global entertainment industry leader, Sony Interactive Entertainment, has now officially confirmed a major security breach.

In a security breach notice, the firm officially confirmed the Sony data breach and alerted both current and former employees to the exposure of their personal data to hackers.

The recent cyberattack on Sony which was previously unattributed, has now been linked by the entertainment giant to the exploitation of the MOVEit vulnerability.

Sony Data Breach Confirmed

Sony Interactive Entertainment (SIE) issued the security breach notice, informing not only its employees but also their family members about the cybersecurity incident involving one of its vendors.

The notice further stated that as a result of the security incident associated with Progress Software’s file-transferring platform MOVEit, there is a possibility that personal information may have been exposed to hackers.

Sony data breach
Screenshot of Sony data breach alert (Photo: Brett Callow/ Twitter)

“This event was limited to Progress Software’s MOVEit Transfer platform and did not impact any of our other systems,” the notice stated about the SIE data breach.

The Sony data breach alert provided further details regarding the MOVEit cyber attack and how it led to the exposing of employee data.

Addressing how the hackers conducted the SIE data breach, the alert read that on May 28, 2023, an unauthorized actor leveraged the MOVEit vulnerability to download some SIE files. These SIE files were stored on the MOVEit platform.

Sony discovered the data breach on June 2, 2023, along with the unauthorized downloads constituting the SIE ransomware attack. So far, the firm has sent the alert about the Sony data breach confirmation to nearly 6,800 individuals.

SIE confirmed that the personal information of 6,791 US individuals was accessed by hackers in the Sony ransomware attack. The firm reportedly denied yielding to the hacker’s ransom demands.

Impacted individuals were sent details about what personal information was compromised, in SIE cyber attack letters.

Clop Claimed Sony Ransomware Attack

Clop ransomware group claimed the cyber attack on Sony in June 2023 in connection with the other victims of the MOVEit vulnerability exploitation. Following this, RansomedVC, a ransomware group also claimed to have data allegedly stolen from Sony.

Sony data breach
Hacker forum claim of Sony data leak (Photo: VX-Underground/ Twitter)

In another Sony data leak update, a hacker forum user, Major Nelson denied RansomedVC having data belonging to Sony. Instead, they claimed that they had it and released samples as proof on the hacker forum. The legitimacy of neither was confirmed.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.





Source link