Documents taken from Sony Pictures include 894MB of sales and contract data covering a period between 2008 and 2012.
According to CSO online, initial released documents included: private key files; source code files (CPP); password files (including passwords for Oracle and SQL databases); inventory lists for hardware and other assets; network maps and outlines; production schedules and outlines; financial documents and PII. Later in the week, the attackers released preview copies of Sony movies, including Annie, Fury, and Still Alice and warned that they would be releasing more information.
In the attack, a group calling itself “Guardian of Peace” compromised the Sony Pictures network, forcing the technology group to terminate network access across the company and preventing VPN access, email and network shares to be disabled.
A tweet told staff to “please do not log onto your PC equipment or company WiFi until further notice”. Employees were told that it could take “up to three weeks” before normal service is resumed, reported the Times, with an insider saying that staff have been “sitting at their desks trying to do their job with a pen and paper”.
Within the files, which included PDF files that apparently contain the passports, visas, and other associated identity documents of cast and crew for various Sony productions, contain some metadata, which when combined with the document templates and phone list, could help initiate social engineering attacks on various parts of the company, such as the helpdesk.
In addition, one outdated document disclosed network usernames, passwords, and American Express account information (card data and Internet account details), something else that could be used in a targeted attack.