Today the Federal Bureau of Investigation released a statement confirming that North Korea was behind the recent hack of Sony Pictures Entertainment. Many have stated that this might be a false flag tactic while FBI investigates the true culprits. In any case, this recent news shows the damaging nature of a company wide hack.
The original compromise became public last month on 11/24. Information from Sony Pictures Entertainment including personal employee details--such as health information, Social Security Numbers, and salaries, along with unreleased movies, were made available online by the perpetrators. Over the next few weeks more details were released including high level emails and other damaging details that are now springing up as part of various lawsuits.
Whoever the culprit was, they likely had advanced knowledge of Sony’s computer system. There is evidence of fifty hard coded server names in the malware used. This is leading some to believe the compromise began as far back as February. According to Verizon Data Breach Investigation Report, 66% of breaches take months or years before they are discovered.
Along with the breaches of Target, Staples, Michaels, and The Home Depot, it is apparent that large scale breaches are becoming more frequent.
Engine Yard is committed to security and we continually do everything we can to ensure all environments are secure. We have increased security measures regarding system access and physical security for our staff around the globe. Additionally, we have implemented many measures that limit our Support and Engineering access to our customer’s data.
If you, at any time, have questions in regard to the security procedures or controls in place here at Engine Yard, please do not hesitate to contact support for more information either through the ticketing system or through the #engineyard channel on irc.freenode.net.