A new trove of documents leaked from the Sony Pictures hack is now out in the wild. And, somewhat astoundingly, it takes the whole debacle to a new level of absurdity since the data includes a file directory named "Password". Can you guess what's inside?
Yep, it's thousands of usernames and passwords. BuzzFeed rather easily found the "Password" folder in the newly released data and reports that it "includes 139 Word documents, Excel spreadsheets, zip files, and PDF's containing thousands of of passwords to Sony Pictures internal computers, social media accounts, and web services accounts." The kicker: "Most of the files are plainly labeled with titles like 'password list.xls' or 'YouTube login passwords.xlsx.'" Because when hackers go looking for sensitive information like login credentials, they would never think to search for the word "password".
Seriously, though, whichever cyber security whiz was keeping track of Sony Pictures' credentials didn't even try to hide it. This is what one of the Excel files looks like:
BuzzFeed points out that the passwords aren't even good passwords. They're not just social media accounts either. At least one department's document included passwords for everything from its AmEx account to its Amazon account. That makes it pretty easy for a hacker to go on a shopping spree!
There probably weren't any shopping sprees happening in Pyongyang, though. North Korea denies any involvement in the attack, despite all the rumors that it was in retaliation for Sony Pictures making a movie about assassinating Kim Jong-Un. It's starting to look like a band of hackers just did this for the lulz. Sadly, this isn't even the first time that Sony Pictures has had passwords stolen for lulz. Some companies never learn. [BuzzFeed]
Screenshot via BuzzFeed