In a new report by BleepingComputer, Sony confirmed that it suffered two major data breaches earlier this year, with the first taking place on May 28, just three days before a zero-day vulnerability in the MOVEit Transfer platform was discovered. This flaw allowed Clop ransomware users to extract Sony’s code remotely, which in turn led to the personal information of 6,791 people in the US being compromised. This virtual break-in was discovered on June 2, after which Sony launched an investigation into the matter with the help of external cybersecurity experts and law enforcement. So far, Sony believes that the incident was limited to that one particular software platform.
A second breach occurred late last month, with Sony reporting that up to 3.14 GB of data had been stolen from its online systems. Two separate hackers claimed to be responsible for this, with each one sharing a leaked dataset containing details for the SonarQube platform, certificates, Creators Cloud, incident response policies, a device emulator for generating licenses, and other information. Third-party forensics experts discovered that this breach occurred on a single Japanese server used for internal testing for Sony’s Entertainment, Technology, and Services business, which has since been taken offline while investigations continue.
Sony is assuring customers and business partners that there is currently no indication that personal data was compromised by this recent hacking, but it is still too early to know for sure.
Source
A second breach occurred late last month, with Sony reporting that up to 3.14 GB of data had been stolen from its online systems. Two separate hackers claimed to be responsible for this, with each one sharing a leaked dataset containing details for the SonarQube platform, certificates, Creators Cloud, incident response policies, a device emulator for generating licenses, and other information. Third-party forensics experts discovered that this breach occurred on a single Japanese server used for internal testing for Sony’s Entertainment, Technology, and Services business, which has since been taken offline while investigations continue.
Sony is assuring customers and business partners that there is currently no indication that personal data was compromised by this recent hacking, but it is still too early to know for sure.
Source
