As expected, the Sony Pictures breach has unearthed more than just unreleased, pirated movies. A slew of sensitive employee information is also making the rounds online, and at one point it appears servers belonging to Sony were helping pass the information around.
It had been widely speculated that more than just movies had been spilled by the hack, but it wasn’t until yesterday that its breadth became more known.
Employees’ Social Security numbers, dates of birth, along with medical and salary information are now being circulated via torrent sites according to security reporter Brian Krebs, who dissected some of the information yesterday.
According to Krebs, more than 25 gigabytes of information belonging to approximately 6,800 current and former Sony employees has been leaked. A global employee list and a Microsoft Excel file detailing employee names, network usernames, their employee ID and their payroll data are just some of the files that were leaked. Another file that appears to be a status report from April 2014, lists in excess of 700 employee names, birthdates, Social Security numbers and health savings account data, is also floating around.
In addition to employee healthcare and payroll information, other reports claim scripts for pilots, salary negotiations, budgets, employee criminal background checks and even employees’ doctor’s notes were leaked in the hack.
At one point yesterday 65 servers from Sony were actually being used to carry out the data dump, according to security researcher Dan Tentler.
file this under ‘ultralols’? and no, you can’t see my IP here. pic.twitter.com/6syaQ8bazt
— Dan Tentler (@Viss) December 2, 2014
Tentler, director of security research for IT security firm Carbon Dynamics, discovered that addresses corresponding to Sony PlayStation servers – hosted on the Amazon EC2 cloud – were helping spread the 27 gigabyte dump, “spe_01.” Links to the torrent have been circulating across several different anonymous Pastebin files so far this week.
okay, troll to the max. all those IPs I posted earlier? loadbalanced Sony ec2 instances. serving up the goods. so amaze! — Dan Tentler (@Viss) December 2, 2014
While Sony’s PlayStation Network may be a separate entity from Sony Pictures Entertainment, it apparently didn’t stop servers from helping seed the leaked information, at least for a short while. Tentler claims the EC2 servers disappeared from the list of peers on the torrent late Tuesday.
oh interesting, the sony ec2 peers have vanished from the list of peers on the torrent. — Dan Tentler (@Viss) December 2, 2014
Last week hackers claiming to represent Guardians of Peace (GOP) hit Sony Pictures Entertainment’s (SPE) systems, rendering them mostly useless. Shortly before the Thanksgiving break, employees were asked by the company to stop using their computers and business email accounts.
One warning, allegedly spotted at Sony Pictures’ London office by James Dean, a technology correspondent at The Times, forbid logging into PCs or using company WiFi until further notice.
This notice stuck on lifts at Sony Pictures in London.. pic.twitter.com/RMZcQhjfYI — James Dean (@JamesDeanTimes) November 28, 2014
In the eight days since the breach, Sony has struggled to restore its systems, although it is working with the F.B.I. and Mandiant, FireEye’s consulting firm, to further investigate the incident.
Over the weekend the breach leaked several Sony Pictures films, four that haven’t even been released in theaters yet, to file sharing sites.
On Tuesday the F.B.I. issued a lengthy flash warning to businesses that sounded the alarm on wiper malware. Given the warning’s timing, it’s being widely assumed that some variation of the malware, which overrides data on hard drives, rendering them inoperable, may have hit Sony. Another theory around the attack is that it originated in North Korea in response to Sony Pictures’ forthcoming film, “The Interview,” which skewers the nation and its leader Kim Jong-un. When reached by the BBC on Tuesday, the nation would not deny the claim and coyly stated: “Wait and see.”
Email requests from Threatpost to Sony Pictures Entertainment’s press department have gone unanswered all week.