Sony hack reveals movie studio kept passwords in folder named 'Passwords'

Sony hack reveals movie studio kept passwords in folder named 'Passwords'
​The recent hacking of Sony Pictures is proving to be more embarrassing than first imagined: among the files pilfered from the Hollywood giant are documents containing dozens of login credentials and passwords in plain text.

On Thursday, writers at Buzzfeed noticed that within a trove of stolen Sony files being shared online in the wake of the recent high-profile hack of the company’s network is a folder named “Password” containing, predictably, dozens of documents purported to allow access to dozens of accounts used by the movie studio.

One screenshot of the folder’s contents shared on Buzzfeed includes 139 documents like Microsoft Excel and Word files with names such as “website passwords.xls” and “UPS Login & Passwords.xls,” each containing a cache of sensitive info.

“One file BuzzFeed News found included hundreds of clearly labeled Facebook, MySpace, YouTube and Twitter usernames and passwords for major motion picture social accounts,” the website reported.

The Wall Street Journal has noted that a preliminary analysis undertaken by data-security firm Identity Finder LLC of 33,000 Sony documents taken during the hack suggests much of the data is not password-protected and can be accessed by anyone who has downloaded it from the web. Other data posted by the hackers, the Journal reported, including Social Security numbers for more than 47,000 current and former Sony employees and Hollywood celebrities, as well as salary data, passport and visa information for actors and internal email spools, according to Fusion.

As RT reported previously, hackers have also released five completed Sony films that were taken during the intrusion, the likes of which have since been distributed online and downloaded thousands of times each.

Both the Federal Bureau of Investigation and Mandiant, an American-based cyber-security firm, are investigating the breach, believed to have first occurred late last month.

“The theft of Sony Pictures Entertainment content is a criminal matter, and we are working closely with law enforcement to address it,” a Sony spokeswoman said in a statement to Variety earlier this month.

So far authorities have yet to determine who exactly is responsible for hacking into SPE. Rumors have abounded in recent days about a possible link to North Korea, however, with investigators from Sony, the FBI and FirmEye, another security company, all saying the method of attack shares characteristic typical of North Korean hackers. Government officials in North Korea have yet to deny those allegations.