Sony Interactive Entertainment (SIE) fell victim to two cyber attacks in the last four months that resulted in the leakage of personal data of 6.8 thousand people and 3.14 GB of company data. In this respect reports BleepingComputer portal.
According to SIE representatives, the first attack was carried out on May 28 using the zero-day vulnerability CVE-2023-34362 in the MOVEit Transfer platform, which the company uses to transfer files. Hackers gained access to SIE computer networks and downloaded confidential information of approximately 6.8 thousand current and former Sony employees, as well as their family members.
The company only learned of what had happened on June 2 and immediately shut down the platform and fixed the vulnerability, as well as notifying the police and hiring cybersecurity experts to investigate the incident. The company also offered victims free credit monitoring and identity restoration services through Equifax through February 29, 2024.
Also, at the end of September, posts about the sale of stolen Sony data appeared on hacker forums. The data included details about the SonarQube platform, certificates, Creators Cloud, incident response policies, and a device emulator for licensing.
The company confirmed to reporters that one of its servers, located in Japan and used for internal testing in entertainment, technology and services, was hacked. Sony took the server offline during the investigation and said no customer or partner data was stored on the server and no other company systems were affected.
This isn’t the first time Sony has suffered cyber attacks. For example, in 2011, hackers hacked the PlayStation Network and stole the data of more than 77 million users; As a result, the company’s gaming service was disabled for almost a month.
hackers before said About the rules of cyber warfare.
Source: Gazeta
Jackson Ruhl is a tech and sci-fi expert, who writes for “Social Bites”. He brings his readers the latest news and developments from the world of technology and science fiction.