BUSINESS

Stolen Sony files reveal lax internal security practices that ex-hacker calls 'sloppy'

12/17/2014 08:09 EST | Updated 02/16/2015 05:59 EST
WASHINGTON - Stolen emails show that Sony Pictures Entertainment suffered significant technology outages in the weeks before a hacker break-in. The studio blamed software flaws and incompetent technical staffers who weren't paying attention, even as hackers targeted executives to trick them into revealing their online credentials.

The emails also show that Sony Pictures' chief executive was regularly reminded in unsecure emails of his own secret passwords for his and his family's mail, banking, travel and shopping accounts.

The stolen files don't reveal how hackers broke into Sony, who was involved or their motives. But they expose lax security practices inside Sony that include pasting passwords into emails, using easy-to-guess passwords and failing to encrypt especially sensitive materials. That includes confidential salary and revenue figures, strategic plans and medical information about some employees.