Update: Although the claims of a data breach are still unverified, Sony has publicly acknowledged the situation and issued a statement to IGN which simply reads, “We are currently investigating the situation, and we have no further comment at this time.”
It looks like Sony may have been the victim of a breach resulting in the collection of customer data, at least according to newly formed ransomware group Ransomed.vc.
As reported by Australian outlet Cyber Security Connect, the group has made claims that it’s managed to gain access to “all” of Sony’s systems, saying that it plans to sell the data it’s taken, with Sony apparently unwilling to pay Ransomed to retrieve the stolen data.
“We have successfully compromissed all of sony systems. We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE,” a message from the hacker group reads.
CSC’s report mentions that the proof-of-hack information that the group has shared isn’t particularly compelling, and that the total of fewer than 6000 files included in the leak’s file tree seems far too small to encompass the entirety of Sony’s system as Ransomed claims. The materials viewed by the publication include what look like screenshots of an internal log-in page, a PowerPoint presentation with some testing data, log files and HTML files.
Judging by an image shared by CSC, it seems as though the group has specifically targeted the Sony.com portal, with the messaging being “SONY.com data and access for sale.” The hacker group says it will publish the data it has stolen as of September 28th should it not find a buyer.
While the veracity and/or size of this supposed hack is still in question, and Sony hasn’t publicly commented on the claims of a breach, PlayStation fans will no doubt remember the massive PlayStation Network data breach back in 2011 that affected over 70 million accounts and saw the whole service go down for nearly four weeks. It might be best just to update your passwords to any Sony accounts as a precaution.
Interestingly, Ransomed seems to position itself as a group of “penetration testers” who seek compensation for their “professional services” and say they’re working in compliance with GDPR and Data Privacy Laws.
This all also comes right after Microsoft accidentally leaked a bunch of its own data in documents made publicly available as part of its battle with the FTC over a $69 billion USD bid to acquire Activision Blizzard.