Sony Pictures Entertainment saved thousands of company passwords in a file directory labelled ‘Password’, it has emerged, after hackers leaked another chunk of data following the attack.
Around 47,000 social security numbers of Sony’s employees, including Hollywood stars Sylvester Stallone, Judd Apatow and Rebel Wilson, were made available online as part of what seems to be an ongoing succession of leaked documents, films and other sensitive information by the Guardians of Peace (GOP) hacker group.
The file directory also includes 139 Word documents, Excel spreadsheets, Zip files, and PDFs containing thousands of passwords to Sony Pictures’ internal computers, social media accounts, and web services accounts, most of which are simply named ‘passwords.txt’ or ‘payroll password email.pdf’.
"Putting all your passwords in a folder marked passwords is a very obvious mistake, the hackers must have thought it was Christmas when they found that file,” said Roy Duckles, EMEA channel director at password management firm Lieberman Software Corporation.
With reports suggesting that the hackers harvested up to 100TB (terabytes) of data from the Hollywood studio, more leaks are expected to surface in the coming weeks. Since the attack, forthcoming movies have been disseminated free online at high quality, suggesting that they may have been stolen in breach.
The computer systems at the technology and entertainment giant went down at the end of last month. Speculation online led some people to believe that North Korea might have been the culprit for the massive cyber-attack in retaliation for the new Sony film ‘The Interview’, in which the main characters are to assassinate the communist state’s leader Kim Jong-Un.
Although a North Korean diplomat denied that Pyongyang was behind the extensive cyber-attack, a US national security source told Reuters that the country is a principal suspect.