Sony confirms two major data breaches this year


Sony confirmed earlier this year that it suffered two significant data breaches, potentially exposing a large amount of personal data.

The initial breach transpired on May 28th, orchestrated by the Clop ransomware group exploiting a zero-day vulnerability within the MOVEit Transfer platform. This vulnerability, identified as CVE-2023-34362, is a high-risk SQL injection flaw allowing the remote execution of arbitrary code.

A mere three days later, Sony detected the attack, subsequently shutting down its network temporarily and patching the associated vulnerability. However, this lapse resulted in the compromise of the personal details of 6,791 American individuals.

Sony has since communicated with the affected individuals via email, extending an invitation for them to verify their identities and reinstate services through Equifax before February 29, 2024. As of now, Sony believes the incident to be confined to that specific software platform.

The second breach emerged at the close of the previous month, when a ransomware group named RansomedVC claimed to have infiltrated Sony’s online servers, purloining over 3.14GB of data teeming with user details.

This group also conveyed that due to Sony’s refusal to engage in negotiations and fulfill ransom demands, they intend to publicize and sell this trove of “data and access rights”.

Another entity, MajorNelson, has also claimed responsibility for this attack, asserting themselves as the actual perpetrators. The true culprits behind this ransomware assault remain shrouded in ambiguity.

Forensic experts discerned that this breach originated from a server located in Japan, designated for internal testing across Sony’s entertainment, technology, and service sectors. This server has since been decommissioned, with the investigation continuing in earnest.