Massive Data Breach: Hackers Stole Personal Data of Nearly 7,000 Sony Gaming Employees

Recently, Sony Interactive Entertainment (SIE) sent a letter of warning to approximately 6,800 – 6,791, more accurately – current and former employees regarding a data breach that resulted in unauthorized access to their personal information. This incident marks the second reported attack on Sony's operations in the past two weeks.

According to the information provided by SIE, the company experienced a significant hack on May 28, 2023. The attackers exploited a zero-day vulnerability, specifically CVE-2023-34362, within the MOVEit Transfer platform. It was a few days later that Sony's specialists discovered the breach, which occurred despite prior warnings from the developers of MOVEit Transfer regarding the potential threat.

The details about the leak were revealed in a notice obtained by Bleeping Computer. 

In late June, the Clop ransomware group targeted and added Sony Group to its list of victims. However, the company refrained from making a public statement regarding the incident until now.

After SIE detected unauthorized access to its system, the company promptly took the affected platform offline. They initiated a comprehensive investigation into the incident, enlisting the support of third-party cybersecurity experts. Fortunately, no data belonging to SIE's clients or partners was compromised in the breach. The company has taken the necessary steps to inform law enforcement about the breach and continues to conduct an internal investigation.

Also, don't forget to join our 80 Level Talent platform and our Telegram channel, follow us on Instagram, Twitter, and LinkedIn, where we share breakdowns, the latest news, awesome artworks, and more.