Last month, a ransomware group called Ransomed.vc claimed that it had managed to breach “all Sony systems” and was threatening to sell stolen data, though it was never actually confirmed whether the breach happened or what kind of data had been stolen. After the incident, Sony said it had begun investigating, but was not ready to provide any comments regarding the potential breach at the time.
First reported by BleepingComputer (thanks VGC), Sony has now confirmed in a statement that an “unauthorised actor” managed to gain access to the MOVEit file transfer platform that is used by Sony employees. It was via a vulnerability in this platform that the individual behind the breach was able to download a bunch of Sony files, allowing them to access the personal information of 6,791 current and former Sony employees based in the United States.
Sony has apparently been letting all employees that have been affected by the breach know what’s happened and is providing them with free credit monitoring and identity restoration services. It has also claimed that the individual in question has only breached this particular software platform and that the rest of its systems are unaffected. From this, we can gather that player information hasn’t been stolen, but Sony doesn’t seem to have revealed the full extent of what kind of information has leaked.
“On June 2, 2023, SIE discovered the unauthorised downloads, immediately took the platform offline and remediated the vulnerability,” explained Sony in a letter to affected employees. “An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement.”
“Once SIE identified the downloaded files, we began a process to determine what types of personal information were affected and to whom it relates. While we worked quickly, this was a time-consuming process, and we wanted to provide you accurate information.”
While this is clearly terrible news for all of the employees affected, and appears to be yet another major security breach for Sony to add to the list, the silver lining is that player information doesn’t seem to have been stolen. That makes it far less worse than the infamous PlayStation Network security breach that took place back in 2011, which resulted in the personal information of 77 million accounts being exposed and the service being taken down for almost a month.
In other less serious PlayStation news, a controversial AI focused YouTube channel has been “putting photoreal faces in video games”, which has led to some incredibly cursed results. Horizon Forbidden West protagonist Aloy is among the characters that have been given a “photoreal” makeover, and I’m sure I don’t need to remind you how much gamers love being weird about her face.
Next: The Shadow-Cursed Lands Make Baldur’s Gate 3 A Halloween Game