Sony Interactive Entertainment has acknowledged that a data breach occurred inside the company, according to a recent report from BleepingComputer.
The latest report on the ongoing story notes that Sony sent out a data breach notification to about 6,800 individuals, confirming that some sort of breach had happened. The notification notes that the breach occurred when an “unauthorized party exploited a zero-day vulnerability in the MOVEit Transfer platform.”
The report goes on to mention that Sony noted the breach happened earlier this year, in May, and was discovered in early June. BleepingComputer’s report says that Sony notified employees and any related friends and family, although it’s unclear who else may have been affected.
What happened in the Sony breach?
Earlier this week, a report from Cyber Security Connect noted the group claimed that they are planning on selling data that they hacked from Sony due to the company not cooperating with them.
“We have successfully compromissed [sic] all of sony systems,” the group claimed. “We won’t ransom them! We will sell the data. Due to Sony not wanting to pay. Data is for sale.”
The report also included screenshots that included images of what looked to be an internal log-in page, a PowerPoint presentation, Java files, and a file tree summarizing the leak, which is said to include under 6,000 files. The group has listed a date of September 28, 2023 as a “post date” target, with the report implying that if nobody purchases the data by then, it may end up online.
