UPDATED 11:12 EST / NOVEMBER 27 2014

Hackers publish list of stolen Sony files in blackmail case

password security thief hacker shadowHackers who caused Sony Corporation’s computer network to close down globally Monday have upped the ante in their attempt to blackmail the company by releasing a list of files it has obtained from company servers.

The hackers gained access to the Sony network Monday, posting messages across the company stating that “we’ve obtained all your internal data including your secrets” and demanding that that if the company doesn’t obey them, their data would be released to the world.

Bizarrely, the hackers did not articulate what they wanted from the Japanese electronics maker.

Sony was forced to shut off its corporate network globally when the hack first hit, advising its workforce to disconnect from the internet and shut off computers until the problem was solved.

According to reports the network was still offline as of Wednesday, and could remain down for week.

The list appears to include files containing passwords, copies of the passports of actors who have worked on Sony films, and even (oddly) pirated movies from other companies.

A fuller list, compiled by a Reddit user (via Ars) includes:

  • PDF files that apparently contain the passports, visas, and other associated identity documents of cast and crew for various Sony productions, such as actors Jonah Hill, Cameron Diaz, and Angelina Jolie (plus a file called Emmerich, Roland Greencard.pdf).
  • Over 700 documents containing passwords, including spreadsheets and Word files titled “FTP passwords,” “ResearchPasswords,” “ACCOUNTING PASSWORDS,” “Personal passwords,” and other files named for specific creative resource sites. There is also a file called “CA Breach Notification for User Names and Passwords (MoFo).pdf,” which someone at Sony will likely be referring to shortly.
  • 179 Outlook archival .pst mailboxes, including the mail folder of an executive at Sony Pictures Releasing Canada, an IT Audit Supervisor at Sony, as well as many “archive.pst” and “backup.pst” files.
  • Password protected documents—with their passwords in their names. (PASSWORD PALABRA SECRETA NISSAN.xlsx, PwC 2007 Report_PASSWORD_pwcemc60.pdf).
  • IT audit documents (PASSWORD EQUAL TO USER NAME.xls, ACCOUNTS WITHOUT PASSWORDS.xls).
  • Sensitive business documents including film budgets (“JR_Accrued Mktg Cost 0513 – Evil Dead.xls”) and contract documents (“Cameron Diaz – Pre-approved Medical Rider.doc”).
  • Personal credentials including private key files and 1Password database backups.
  • Media files for television shows that aren’t Sony Pictures products and may have been pirated copies on an employee’s desktop:

Sony is still not commenting publicly on the hack, or what files may have been obtained, stating only that they have an IT issue.

photo credit: Voxphoto via photopin cc

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU