Sony breach: More leaks expose employees’ salaries, personal data

The fallout from last week’s breach of Sony Pictures Entertainment networks continues to increase, as the attackers leaked more stolen data on Pastebin on late Monday evening.

According to the NYT, the leak consisted of “tens of terabytes” worth of internal Sony data: employees’ personal information (social security number, date of birth) and passwords, their salaries (including those of senior executives), performance reviews, company marketing plans, additional financial information, and more.

The leak has been pulled from the site quickly, but Brian Krebs reports that some of the files have apparently also been traded on torrent networks, among these “a global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals.”

Here is the list of the documents allegedly stolen from Sony’s networks and leaked. It has been analyzed by Ars Technica’s Sean Gallagher, who offers more details about the contents.

In the meantime, the company is keeping mum on the details of the breach and the fallout.

Ian Thomson reports that some Sony PlayStation website servers were used to distribute an archive of Sony Pictures Entertainment’s potentially sensitive data on the BitTorrent network.

“Either the data was seeded by hackers who have gained control of Sony’s Amazon cloud account – or Sony could be deliberately pushing out a large archive as a honeypot to catch wannabe data thieves,” he commented.

There is some indication that the latter theory is the right one, as the archive was apparently missing some data at the end of the download, potentially making the entire archive unreadable.

The attackers and how they managed to pull off this hit are still unknown, but the FBI decided to share some of the details about the malware used in the attacks with several other big US companies.