Blog

A place for all things security.

Sony used a folder titled “Password” to save your passwords

Dec 9, 2014 // Andrew Stroup


Sony Pictures Entertainment is the most recent victim by hackers who leaked documents onto the internet, to include a folder titled “Password,” which was used to save thousands of company passwords. Sony is one of many recent hacks on corporate companies, which has publicly shamed them for poor security practices and solutions.

Not only were passwords stored in a very obvious folder, but additional files included social security numbers of 47,000 employees and actors, to include Sylvester Stallone, Judd Apatow, and Rebel Wilson. The “Password” folder included 139 Word documents, Excel spreadsheets, zip files, and PDFs containing thousands upon thousands of passwords to Sony Pictures’ internal computers, social media accounts, and web services accounts.

To make matters worse, the files located in the folder were primarily in plain text with not additional security or password protection. BuzzFeed dug into one file and found clearly-labelled usernames and passwords for major motion picture social accounts, spanning from Facebook to YouTube.

Sony corporate has remained quite regarding the security breach, although it’s employees spoke up about it’s “long-running lax attitude towards security.”

The source of the hack is still yet to be identified, but the primary suspect based on available evidence is that the attack originated in North Korea; however, the North Korean government denies any involvement and has publicly declared it will follow international norms banning hacking and piracy. This is amidst an uproar by North Korea over The Interview, starring James Franco and Seth Rogan, which served as a potential motive for North Korea to take action again Sony.