Update (26th September 2023): Sony has put out a short statement regarding the recent report about an alleged ransomware attack on the company. It told IGN: "We are currently investigating the situation, and we have no further comment at this time."
Original Story: A ransomware group by the name of Ransomed.vc claims to have compromised "all Sony systems", as reported by Cyber Security Connect. At the time of writing, the claims have yet to be verified, but the site notes the group has "racked up an impressive amount of victims" in a short span of time.
Ransomed.vc is aiming to sell the data: "We have successfully compromissed [sic] all of sony systems," it says. "We wont ransom them! we will sell the data. due to sony not wanting to pay. DATA IS FOR SALE." Apparently, the group backs up its claims with some "proof-of-hack data", which includes screenshots of an internal log-in page, PowerPoint presentation, Java files, and a file tree, which apparently consists of fewer than 6,000 files. Cyber Security Connect notes this seems low for "all Sony systems".
The group has not listed a price but has provided contact information, and has issued a "post date" of 28th September 2023. Cyber Security Connect presumes this is when Ransomed.vc will share the entire leak wholesale if a buyer isn't found beforehand.
Unusually, Ransomed.vc considers itself not just a ransomware group, but a "ransomware-as-a-service" organisation. It claims to be a "secure solution for addressing data security vulnerabilities within companies", and operating "in strict compliance with GDPR and Data Privacy Laws". Its website states: "In cases where payment is not received, we are obligated to report a Data Privacy Law violation to the GDPR agency!"
We'll follow this story and share any developments if and when they arise.
[source cybersecurityconnect.com.au, via videogameschronicle.com]
Comments 84
I wish we didn't live in this kind of world.
Why is Sonys security such utter garbage? You’d think after the last big one they’d better their systems but nope.
Here we go again
So how many free games will Sony offer this time?
Please not again....
I'm curious if I have any data left to sell
The size of the files and the willingness to give it away for nowt suggests that they have nothing much to offer...
Why I've always used wallet top up cards for the occasional digital game and for the renewal of PS Plus subscription. The less places you put your bank details the more money you'll have and less likely to get scammed🤷
How much do they want? we could have a whip round between us dedicated Push Square readers
@DeathlySW
This isn't just Sony. This happens every day at all companies in the world. Only now it will come out.
Pillocks need to grow up. Nerds!
@DeathlySW Companies get hacked all the time.
@AdamNovice doesn't mean Sony's security can't be improved.
Also if these hackers end up posting details about Playstation's business such as hardware reveals and games in development, I hope Push Square decide not to publish it. These t***s only want attention so best not give it to them.
@Grimwood a hack like this is not very common dude 😂 last big cyber attack was in 2011to Sony so not an everyday occurrence at all.
@TommyNL I’m aware but Sony has a history of this. It’s a regular occurrence for them. Would love to see a a chart of hacks, which companies were targeted and the frequency of each one.
@DeathlySW It takes just one careless employee to click on a phishing e-mail link and boom.
Last cyber hack made Sony quickly kill the vita. Fairwell VR
The story doesn't add up.
They claim to be a legit white hat group but then acts like a red hat one.
@Fiendish-Beaver Agreed. Sounds fishy to me. You'd think they would publish something far juicier to get everyone's attention.
@Rmg0731
All 3 of the PSVR2 owners will be devastated
@Rmg0731 Yeah, this well is very fair.
Yea so what. This is only being made an issue because it has the Sony name on it.
Microsoft Corporation (not Xbox) just had 38TB of data leaked last week and the gaming community didn't even blink because they were focused on a mistake made by their lawyers when uploading data to the FTC
Removed - inappropriate language; user is banned
@Beerheadgamer82
Bank details are always hashed out and can't be retrieved. It's the name, address, passwords and email address they would get in a potential hack .so pre paid cards don't really improve your situation I'm sorry
Until there is actual proof of this so called hack, I wouldn't believe a word of it.
Hackers suck! At least I didn’t give them too much of my personal stuff and look at my stuff regularly.
@DeathlySW
If true, it’s been quite some years. It’s a constant game of cat and mouse with these things, not a sort it once and done.
@AdamNovice Yeah excatly what this kind of groups want most is media attention. You give them that and they become very happy becuse that also means that the value of the stolen data increases.
Removed - inappropriate language
@W1ck3d_p Other media outlets, including Eurogamer, are stating that their "proof of hack" is uncompelling.
@themightyant What proof? Nobody has seen any of the so called hacked files because their trying to sell it.
@Anthony_Daniels I disagree. Of course no one is immune to it. The less of a digital footprint you have the less likely you are to be effected, it's just simple math really. Scam emails are so easy to spot, YouTube channels like Atomicshrimp
Whilst its fair for longtime PS owners to be apprehensive after the PS3 era hack,& on the alert,let's await further information.
Not to belittle what would be a user nightmare true,but in my neck of the woods have seen a major Telci provider & also a private health insurer both subjected to massive data breaches & lax practices protecting sensitive customer data.
Likewise,remember Sony is a multi division company,so have they targeted PSN, or SIE, or indeed another division ala the time Sony Films got targeted?
Must admit have usually gone the psn wallet top ups myself,but not sure i can buy any ps plus top ups digitally unless one has a card payment attached for subscription renewal being turned on by default as a result?
@W1ck3d_p As stated in the article, and others, Ransomed.vc has provided SOME screenshots as "proof-of-hack data". But as others have suggested this looks pretty uncompelling so far.
Too many inconsistencies. Think they’re hoping the fear will make them more likely to pay out, which I doubt Sony would even contemplate.
I think 'didn't even blink' is over stating it, @TechGuyChris. If you look back there are numerous articles both here and on Pure discussing what was revealed as part of those leaks...
@DeathlySW
I get your point, but those statistics are not available. I think that Microsoft, for example, fends off a hacking attempt almost every hour. Or Google Apple and Amazon. You just don't read or see anything about it. And at Sony it happens more often because the Playstation brand is immensely popular.
If my account gets wiped that will be it for me as a die hard Playstation fan.
Well, have fun with my fake data, guys
U know with the ability these pieces of ***** have u think they could come up with something intuitive and valuable
We can hackz but we no writ so gud
@DeathlySW gotta remember the attackers only need to find one way in. The people being attacked need to secure against every possibility and protect against it. It's not as easy as it sounds.
Why the hackers do what they do: https://j.gifs.com/vJ18L6.gif
@ArmoredMore
We don't even know the actual magnitude of the back besides what this group is claiming. Sony hasn't even come out with an official statement yet so it's too early to tell if/how much the hackers managed to get away with.
Again? This is why I refused to add my credit card to my account since that first big hacker situation they had. Every time I buy something digitally on PS I simply use those gift card codes you can buy off amazon.
@JayJ Unfortunately, all major companies are targeted because hackers want "easy money".
lol I literally posted my Series X to its new owner today as I’m moving to PS5 and I read this! Oh well I just about got over the last hack they had which impacted me.
Absolute tools. I really dont want my data compromised again. Happened to me at work only last month. Getting sick and tired of this nonsense. What even is this world.
@ATaco lol ok thanks for the update, I guess !?
@ArmoredMore
Only replied to you because this doesn't seem to be anywhere near the magnitude of the 2011 hack, so you're kind of jumping the gun a bit.
I use my wifes account as she has more money than me so i'm ok 🤣
Never give into blackmail.
It sucks, but you can’t reward that behavior. It just feeds it.
@ATaco the severity is unknown. But if it’s made the headlines it’s quite likely to be the most significant attack since 2011.
Thanks for your input.
@Northern_munkey 😂😂😂👍
@ArmoredMore This is no where near the level of the 2011 hack. Otherwise PSN would be down right now. Yes, saddly what is being described in the article is in fact and every day occurence. It's even possible this is a bluff.
Ultimately it sounds like Sony's internal documents are what is compromised, not consumer data. I don't think any where cares of the PS5 Pro and PS6 gets leaked at this point. Let alone the new MX series Sony Wireless headphones with a slight revision to last years noise cancelling is really going to bother anyone.
True or not, anyone using their PSN password anywhere else should immediately go change all their passwords. Make sure they are all different.
I'm glad I didn't put my credit card in my account, I put it when I want to buy some games, and then I deleted it after I got the game.
Also, don't forget 2FA everyone, turn that thing on.
@NotSoCryptic That’s what I was thinking.
@NotSoCryptic I never said it was the same as the 2011 hack 🤦♂️
MGM Casinos got hacked recently too. Maybe the gambling industry will use some of it's resources to go after these hackers in real life.
Hopefully we will get a clearer picture on the elusive refreshed version of the base model, maybe somethibng on the pro and an actual future roadmap of single player games for Sony in 2024 beyond Wolverine and the 2nd party stuff.
It can be really hard to protect against this stuff, even when you’re keeping an eye out. I got done at work a couple of years ago, I was waiting for a report from a third party, chased it up, the person I had been speaking with to date responded with it attached and I opened it without giving it a second thought (as you would, I’m always getting emailed stuff, I had been asking for it, plus I inevitably was distracted at the time). Turns out their email had been compromised and they were just waiting for people to ask for stuff! I bet all sorts of weird file types get sent around Sony’s inboxes which doesn’t make spotting dodgy files any easier.
My password was 'password1' but thankfully I changed it to 'password2' the other day so they'll never figure it out. You've got to stay ahead of these people or you'll get burned.
So this is why they raised the PSN tiers so much, to pay for better security. (Sarcasm) i am sure this will blow over in time. Doesn’t seem near as bad as the first one they had.
What does this mean for users like us? Do they have our data or something for us to worry about? I'm not sure if I have my bank details saved on there.
Idk what to say abt this. But is there any way to protect your data after this?
@DeathlySW that's what I keep saying about T-Mobile.
This is why we can't have nice things and why not everything should be online either. Sigh ransomware attacks why now.
But Java files, log files (could be anything really), powerpoint presentations hmm, the rest not sure but java files has me wondering about their websites, store services let alone whatever programming they have for their products or something.
I do question 'what they actually have though' whether calling bluff or what internal documents (powerpoints and logs) versus whatever files of logs/java files they do have. Screenshots of logs makes me think 'why that why not just the files themselves' if they 'really have them', it does sound fishy.
If it's just internal then sure, if it's more than that I do wonder. With ransom it could be anything. If they are just targeting them for internal documents like Microsoft or Capcom sure and leaving customers/employees alone but not sure as selling data of people's details/whatever money people have I assume goes for a fair bit on the dark web. But for internal documents as the gaming industry is very secretive wouldn't be surprised either what they are after.
I don't use any credit/debit cards so completely fine and safe there gladly. Still annoying we have to experience these awkward times.
They need better solutions to protect their systems (I assume not calling a bluff either when it comes to things like this).
Encryption/hacking is a very important factor for sure. Not looking forward to the cloud future as it can have just as much issues for servers as it is internal computer systems, an employee clicking a bad email like Youtubers have with some sponsors or whatever the email directs to/labels themselves as, as having online consoles and some solutions can easily be passed through if not prepared enough.
If it's like the 2011 event hmmmmm (talk about another time to ruin the holiday season again), if it's just documents internally sure it's annoying for Sony (PlayStation and their MP3, Camera, Phones, TV and other services/product divisions), if it's employee/customer details from any side (PlayStation likely being a big target for sure) then eh not excited about that at all very scary stuff.
6000 files = huge? I have 10 times that amount of files on my computer and I consider that not a lot. 6000 is incredibly small. Maybe if it was 600000000000 files, they'd have a lot, but 6000 is too low. Those guys call themselves hackers and they think 6000 is a lot?
The reason Sony isn't even bothering to pay or entertain this is likely because they know those guys have absolutely nothing.
I wonder who will be the first entity willing to buy the all important Sony's files......
I always add my PayPal details right before making a purchase, than immediately remove them afterwards
And this is right around the time of another PS Plus price hike. I’d say not much of that is going towards security, and I have to wonder if any of it ever had since they made it mandatory to play online
Think we got a couple of free games last time Sony were hacked (2011) - wonder if they'll offer us anything this time round?
Probably not, tight b*st*rds....
Do I need to be worried my account information is compromised? Credit cards, password?
@zhoont atm there's not much to go on from this hack, but it's probably best to go ahead with changing your password and removing your payment options until we hear more.
Sony.... Getting Hacked Awaits..... Again.
"In cases where payment is not received, we are obligated to report a Data Privacy Law violation to the GDPR agency!"
How nice of these clowns to follow the law except, you know, the blackmail is bad part.
I've just changed my password last week because I forgot it, don't tell me I have to do it again Sony. 😅
@Member_the_game 🤣🤣🤣🤣🤣
Geez if you have that sort of skill on computers help people out. Pay it forward go and help out in your closest community centre teach how to use Linux and stuff like that , I help out with broken PCs or laptops I'm happy to fix them at home or at work and keep old stuff going. This is destructive be productive please.
Removed - inappropriate; user is banned
@MrMagic ive changed my password as well and if it keeps happening sony will get sued
@Terra_Custodes haha thanks, interested to see what happens when Ryan leaves though, hopefully we will get another Uncharted.
Show Comments
Leave A Comment
Hold on there, you need to login to post a comment...