As you may have heard, a few weeks ago Sony Pictures was hit with a monumental data breach, in which rogue hackers unearthed a treasure trove of private information ranging from in-house memos, emails, and even personal information about employees. While much of the fallout from the hack has surrounded the airing of dirty laundry, and people getting to learn a whole lot about what the movie studio never intended to publicize, a few days ago it was revealed that a recent audit actually notified Sony hire-ups that there were exploitable gaps in the company’s security well before the hacks occurred.
According to a post on Re/code, PricewaterhouseCoopers conducted an audit of Sony Pictures Entertainment’s computer network only a few months before the hackers unleashed their attack. Apparently there was “one firewall and more than 100 other devices that were not being monitored by the corporate security team charged with oversight of infrastructure.”
Ironically, this data point in and of itself is but one of many leaked correspondences going on within Sony. And while the hack of a movie studio may not seem like a big deal – as opposed to, say, hacks of Target or Home Depot – there are a number of everyday employees who answer phones, open doors, or mail packages, whose privacy was just invaded for doing nothing except having a job. Sure, now there are a few new movies leaked online for the pirates to enjoy. But there’s also tons of information like personal addresses and Social Security numbers floating among the data as well, and that’s a serious situation that goes well beyond the piracy discussion.
What’s the upshot here for the average computer user? In short, online security is serious business, and shouldn’t be taken lightly. It wasn’t so long ago that a score of female celebrities became victims in a similar privacy breach, as they’d had their iCloud accounts hacked and private photographs spread online against their wishes. As more happens online, the greater the risk there is for people to access your information and take advantage of security holes. This is only the beginning.
Change your passwords, and make sure you have different passwords on different sites. Keep track of your banking, and do your best to avoid being a victim. Additionally, despite Sony’s lax security in this case, they are definitely victims themselves, and not to be blamed for someone else’s crime. Just because you don’t have the strongest lock on your door, that does not give people license to kick your door in.