Sony confirms data breach impacting thousands of workers

Sony has confirmed reports that sensitive data of current and former employees has been stolen by outside forces.

In a notification letter sent to affected individuals, Sony said hackers exploited a flaw in MOVEit’s managed file transfer software to steal sensitive personal information belonging to them or possibly their family members.

According to the letter, the attack occurred on May 28, just days before Progress – the company behind MOVEit – began alerting its customers to a serious flaw in the application.

The list of victims is growing

“On June 2, 2023, (Sony) discovered the unauthorized downloads, immediately took the platform offline and resolved the vulnerability,” the letter said. “An investigation was subsequently launched with the help of external cybersecurity experts. We have also informed the police,” Sony concludes.

Although the company emphasized that the breach was confined to this software platform and did not reach elsewhere on the network, that appears to have been sufficient: sensitive data of 6,791 people in the US was captured by a Russian, financially motivated ransomware actor known as Cl0p.

In the meantime, Cl0p already listed Sony on its data leak site and started selling the stolen data, meaning Sony wasn’t interested in negotiating or paying the ransom. In the ad posted to the dark web, a threat actor named Ransomed.vc shared a small sample of the data, including screenshots of an internal login page, an internal PowerPoint presentation, and some Java files. The ad said that “all Sony systems” had been compromised.

Cl0p’s compromise of MOVEit MFT is slowly turning into one of the biggest cyber messes of all time, just like Log4j and GoAnywhere. MOVEit is a managed file transfer service, a tool organizations use to securely share sensitive information. Its users include small and medium-sized businesses as well as large organizations and enterprises. Cl0p has so far listed hundreds of companies whose data has been stolen via a single vulnerability, a severe SQL injection flaw tracked as CVE-2023-34362. The flaw allowed Cl0p to remotely execute code on vulnerable endpoints.
