Conan O’Brien & Sylvester Stallone’s personal information exposed in Sony hack

By Jose Pagliery

NEW YORK (CNNMoney) — Hackers have exposed the Social Security numbers of Conan O’Brien, Sylvester Stallone, Rebel Wilson and 47,423 other people as part of the massive Sony Pictures breach.

The list also includes film director Judd Apatow and Sly’s brother, Frank Stallone.

For 15,231 Sony Pictures employees and contractors, there’s enough information now made public to open bank accounts and credit cards and claim tax refunds in their names.

“For the rest of their lives, they have to worry about identity theft,” said Todd Feinman of Identity Finder, a data protection company that combed through the data. “Credit monitoring doesn’t help these people. This data is now permanently in the public domain.”

Other secret, and sometimes embarrassing, details have surfaced from the hack as well. For example, the world now knows Seth Rogen is getting paid more than James Franco. Rogen is making $8.4 million for writing, directing and starring in “The Interview” versus Franco’s $6.5 million.

Movie scripts, entire films and internal memos are also now being shared online.

The vast majority of the files weren’t even password-protected. And in several instances, huge lists of SSNs were in the background of a spreadsheet that didn’t need them there anyway.

So why did Sony Pictures keep 601 different files lying around with a total of 1.1 million SSNs?

This kind of practice breaks a basic rule about sensitive data: Keep it in one place, and protect it.

In fact, Sony broke a lot of common sense rules. Workers also kept password lists, which gives hackers access to even more data going forward.

Sony Pictures did not respond to requests for comment.

This could have been prevented

Sony could have spent just $5 million to lock down its entire computer network, according to Phil Dunkelberger of Nok Nok Labs, which makes authentication technology that protects data. That’s much less damage than what Sony faces now.

Outside hackers would have been stopped if Sony had employed routine security measures, including encrypting its servers and forcing its employees to use several layers of secret keys.

Even if the files were being stolen by an insider, Sony could have used widely available corporate software that monitors employees — and warns the company if someone downloads unusually large amounts of data.

In Sony’s case, it looks like more than 100 terabytes of data were stolen. That’s equivalent to about 50,000 full-length HD movies.

Try getting that past your company’s IT department.

“Alarms should have gone off,” Dunkelberger said. “Protecting data isn’t a technology issue anymore. It’s about the force of will.”

What’s most curious about the Sony Pictures hack is that Sony — of all media companies — should have known better. The 2011 hack of Sony’s PlayStation Network devastated the company and cost it more than $170 million.

The-CNN-Wire
™ & © 2014 Cable News Network, Inc., a Time Warner Company. All rights reserved.