CarderPlanet
Professional
The division responsible for the release of the PlayStation, did not survive the cyber battle with the Clop group.
Sony Interactive Entertainment (SIE), a division of the well – known company responsible for the development of PlayStation consoles, confirmed the data leak of its former employees-almost 6800 people.
The company explains that the reason for the hack was the exploitation of a 0-day vulnerability in the MOVEit Transfer platform. This defect, known as the CVE number-2023-34362 – classic SQL injection that allows you to execute code on the device remotely. CVE-2023-34362 has been actively exploited over the past few months by the Clop group, which has affected many organizations around the world. Sony is no exception.
The incident became known in early June, but SIE made an official statement only now. According to the report, the attack occurred on May 28, just three days after Progress Software, the developers of MOVEit, informed Sony management about the existing threat.
Unauthorized access to internal systems was recorded on June 2, 2023. Sony immediately notified law enforcement and launched an investigation involving external cybersecurity specialists.
Later it became known that the attackers gained access to the victims social security numbers. This data, combined with names and, for example, driver's license numbers, will be quite enough to fake an identity.
SIE claims that the incident affected only one platform and did not affect the operation of other systems. Each victim received an individual email with details of the leak. The company also offers services for former employees to recover personal information and monitor credit accounts.
Not so long ago, there were rumors about a new attack on Sony, as a result of which another 3.14 GB of data was stolen from corporate systems. The leak includes information about the SonarQube platform, various certificates, Creators Cloud data, security policies, licenses, and other materials.
The representative confirmed that there was a limited compromise of data on one of the servers in Japan. The investigation is already underway.
Sony Interactive Entertainment (SIE), a division of the well – known company responsible for the development of PlayStation consoles, confirmed the data leak of its former employees-almost 6800 people.
The company explains that the reason for the hack was the exploitation of a 0-day vulnerability in the MOVEit Transfer platform. This defect, known as the CVE number-2023-34362 – classic SQL injection that allows you to execute code on the device remotely. CVE-2023-34362 has been actively exploited over the past few months by the Clop group, which has affected many organizations around the world. Sony is no exception.
The incident became known in early June, but SIE made an official statement only now. According to the report, the attack occurred on May 28, just three days after Progress Software, the developers of MOVEit, informed Sony management about the existing threat.
Unauthorized access to internal systems was recorded on June 2, 2023. Sony immediately notified law enforcement and launched an investigation involving external cybersecurity specialists.
Later it became known that the attackers gained access to the victims social security numbers. This data, combined with names and, for example, driver's license numbers, will be quite enough to fake an identity.
SIE claims that the incident affected only one platform and did not affect the operation of other systems. Each victim received an individual email with details of the leak. The company also offers services for former employees to recover personal information and monitor credit accounts.
Not so long ago, there were rumors about a new attack on Sony, as a result of which another 3.14 GB of data was stolen from corporate systems. The leak includes information about the SonarQube platform, various certificates, Creators Cloud data, security policies, licenses, and other materials.
The representative confirmed that there was a limited compromise of data on one of the servers in Japan. The investigation is already underway.
