Data of more than six thousand employees was compromised in the cyber attack. Sony also admits another incident.

Sony confirmed the incident in a letter to the employees involved, which also ended up in the Bleeping Computer editorial team. The hack reportedly compromised the data of 6,800 current and former (American) employees. The Russian hacker collective Clop claimed responsibility for the attack and the perpetrators most likely abused a zero-day in MOVEIt. According to Sony, other systems are not affected.

May MOVEit, MOVEit

MOVEit is a file transfer software operated by Progress Software company. At the beginning of June, a critical zero-day in the software came to light, giving hackers the opportunity to gain access to the contents of files via SQL injection. Unfortunately for Sony, the incident happened back on May 28th.

Sony joins the illustrious list of victims of Clop and MOVEit. At least four hundred organizations are already on the list. The best-known names include the cosmetics company Estee Lauder, Deutsche Bank, the energy giant Shell and the US Department of Energy. There were probably also victims in the Benelux countries.

These are difficult months for the software provider Progress Software. The MOVEit Zero Day(s) problems have barely been cured when the next critical vulnerability has already emerged. A few days ago, Progress Software warned of a zero day in WS_FTP, which was also being actively exploited. A patch is already available.

Second incident

When it comes to security, not everything is going smoothly at Sony. Rumors are still circulating about another attack on the company, in which two different hacker groups cracked a server and stole several gigabytes of data. Sony appears to confirm this incident in a statement to BleepingComputer, although this immediately undermines its seriousness.

“Sony is investigating recent allegations of a security incident. We discovered activity on a server that Japan uses for internal entertainment testing. There is currently no evidence that customer or business partner data is stored on the affected server or that other systems are affected. There are no negative consequences for Sony’s business. “We have taken this server offline while the investigation is ongoing,” the statement said.

It seems unlikely that this hack is also a result of MOVEit Zero Day. It is not known how the attackers got in.