A few weeks ago, PlayStation and Sony began an investigation into an alleged hacker attack on “all systems” of the Japanese corporation. The company did not have time to confirm this situation because… another group shared files downloaded in June.
Sony Interactive Entertainment confirmed that the hacker attack resulted in the disclosure of personal data from approximately 6,800 current and former employees of the Japanese corporation.
BleepingComputer reports that the PlayStation manufacturer contacted the victims and informed them about the problem. Sony reportedly confirmed that the hack affected the MOVEit file transfer platform used by SIE employees, which was developed by third-party IT vendor Progress Software.
Progress announced on May 31 that it had discovered a vulnerability in MOVEit, but three days earlier an “unauthorized entity” exploited the vulnerability to download SIE files, gaining access to the personal information of 6,791 current and former SIE employees based in the United States.
According to Sony, the hack was “limited” and in fact, the hackers only reached one file, which was then shared.
On June 2, 2023, SIE detected unauthorized downloads, immediately disabled the platform and patched the vulnerability. An investigation was then launched with the help of external cybersecurity experts. We also notified law enforcement authorities. Once SIE identified the downloaded files, we began the process of determining what types of personal information had been compromised and who was affected. “While we worked quickly, this was a time-consuming process and we wanted to ensure accurate information,” Sony said in a letter sent to former employees whose details were shared.
Sony has decided to help all those affected by offering free credit monitoring and identity restoration services to former and current employees and asking them to be alert for signs of identity theft or fraud.
It is worth mentioning here that at the end of last month another group announced that they would “compromise” Sony servers and download many files, but we have not currently witnessed a data leak in this case.
Source: VGC