Cybersecurity Scary Stories: The Sony Data Breach

Cybersecurity | October 26, 2021

Lights, camera, hack-tion. What happens when Hollywood-giant Sony Pictures falls prey to cybercriminals? Here’s the whole nail-biting narrative.  

In late November of 2014, a hacker group going by the name Guardians of Peace leaked an incredibly large amount of sensitive information straight from the computers of Sony Pictures to the media. According to reporting from Vox, The data exposed included private employee information, personal staff communications, and even full, unreleased movies from Sony’s servers.  

In total, the hackers would steal terabytes of Sony data, duplicating their files and then deleting the original copies from the server. To the public’s knowledge, no one at Sony was aware of the attack until the morning of Monday, November 24th when employees came into work to find a rather threatening image (seen below, from Reddit) upon their screens. 

Cybersecurity Scary Stories – The Sony Data Breach

Alleged Sony data breach hacker image. Posted to Reddit.

Ominous, isn’t it? 

In the weeks following the cyber-attack, Sony executives were practically held hostage by the hackers, who systematically released films, salary information, and more to various news sites and file-sharing platforms. According to reporting by The Next Web, among the movies stolen were the new “Annie” film, “Fury” starring Brad Pitt, “Mr. Turner,” “Still Alice,” and “To Write Love on Her Arms.”  

All five have now been illegally downloaded thousands of times.  

The hackers also revealed relevant information about Sony itself in the attack. Leaks uncovered by Vox allegedly showed that, at the time of the hack, men were paid significantly more than others at the top levels of the company. What’s more, rude commentary about big-name stars amongst corporate executives was made public, they can be seen now on WikiLeaks.  

But it wasn’t until December – nearly two weeks after the initial attack – that the Guardians of Peace would reveal their true intentions to Sony execs. 

Enter: “The Interview”

You see, amidst the chaos, Sony Pictures was also producing “The Interview” – a highly controversial film produced by and starring Seth Rogen. Set in North Korea, the movie centers around two Hollywood journalists who attempt to assassinate North Korean leader Kim Jong Un. The original version of the film culminates in a fairly graphic scene depicting Kim Jong Un’s death.  

Objections to the subject matter of “The Interview” rolled in early from international Sony execs who feared for movie-goers safety according to reporting from Gawker and, of course, North Korean officials themselves who saw the film as a personal affront. However, it wasn’t until the Sony data breach that these threats were taken seriously. 

On December 16th, 2014, the Guardians of Peace contacted Sony Pictures threatening real violence against any theaters that showed “The Interview.” While no credible threat was ever detected or carried out, the invocation of terrorism alone was enough for Sony to pull the picture altogether on December 17th 

Some foreign policy experts maligned this decision, arguing among other things that Sony was setting a precedent for controversial content. In fact, in a press conference on December 19th, President Barack Obama is cited by Deadline as suggesting that Sony “made a mistake.”  On December 23rd, therefore, Sony reversed their original decision, agreeing to let theaters who wished to show the film and while simultaneously release it on streaming platforms. However, at the time many of the large theater chains categorically refused to show films that we released both in theater and online, basically ensuring that “The Interview” would be a sales flop. 

While no charges have been brought forward, the FBI and the NSA both claim to confirm that North Korea itself was behind the attack. And while in the end no one was actually hurt, at the moment the threats caused by this data breach didn’t just feel real – they felt visceral.  

All this to say – cybersecurity isn’t just a business issue, it’s a safety issue. And if you aren’t doing everything in your power to protect your private information then you aren’t doing nearly enough.  

EMPIST Can Help 

Luckily, we’ve got the skills to help you get started.

To learn more about EMPIST cybersecurity services, contact us online today 

(Sources: Re/code, Slate, The Hollywood Reporter, The Next Web, Vanity Fair, Vox, Deadline)