It’s fair to say that 2014 did not end well for Sony. After reporting painful losses in its mobile division over the summer, the company suffered a catastrophic business security breach when its movie division was hacked, leading to the leak of films and of files about its employees.
But Sony’s ignominious fall from grace was compounded by another revelation: that many of the passwords used to keep its data safe were held in a folder marked “passwords”.
“It’s more than embarrassing, it’s absolutely a security no-no,” explains Carl Enser of security specialists Delta Comtech. “It just made the hackers’ lives easier”.
The hack, which gave the attackers access to hundreds of files and some of Sony Pictures’ biggest film releases, is thought to be one of the most sophisticated ever carried out. Memos attributed to Mandiant, the security firm employed by Sony to assess the damage, note that the malware responsible was undetectable by the company’s antivirus software.
“This shows that even the most secure server can be vulnerable to attack,” continues Carl. “Which is why placing sensitive password data in plain view like that is madness. Rule One: never advertise where your most secure passwords are stored”.
As hackers become more and more daring, companies across the UK are being urged to check their security procedures to ensure that the same kind of thing doesn’t happen here.
“This was a top-level, targeted hack: if you’re a small business, it’s easy to think that this can’t happen to you. But any server that is web-connected is potentially vulnerable to attack.”
If you’d like some advice on keeping your data safe, Delta Comtech have a blog that contains hints and tips that could help. You can visit the blog or call Carl on 01625 443110.