Has Sony Been Hacked in 2023? Everything We Now Know

A ransomware group called Ransomed.vc says it hacked Sony — as does a hacker called MajorNelson. Here's the latest news.

Sony has launched a major internal investigation after a hacking group claimed to have pulled off one of the highest profile data breaches of the year at the expense of the Japanese tech giant. However, multiple parties are now claiming responsibility for the alleged Sony hack and conflicting data dumps have been made to further muddy the waters.

The first claims made by previously unknown Ransomed.vc ransomware crew are still to be independently verified and a hacker called “MajorNelson” has subsequently claimed responsibility for the breach. Both parties have shared data purporting to have been stolen from Sony online, but whoever is behind the attack, the threat of having its data sold by cyber criminals on the dark web is enough to have jolted Sony into action.

“We have successfully compromised [sic] all of sony systems. We won’t ransom them! We will sell the data. Due to Sony not wanting to pay. DATA IS FOR SALE,” Ransomed.vc is said to have posted on both the dark and surface webs, when it initially claimed to have hacked Sony.

Did Sony Get Hacked Again — and by Who?

News that Sony may have been hacked was first revealed by Cyber Security Connect, who claim that Ransomed.vc shared evidence of the hack with the Australian website including a number of internal documents such as a PowerPoint presentation and a number of Java files.

The specialist security site notes that the 6,000 Sony files claimed to be part of the leak is “small” in the scheme of Sony's overall operation, which brings into question the idea that “all of Sony's systems” have been compromised. It's not quite that straightforward, though. Conducting its own investigation into the claims, Bleeping Computer reports that Ransomed.vc contacted it to boast of having stolen a much more sizeable 260GB of Sony's data.

Surfshark logo🔎 Want to browse the web privately? 🌎 Or appear as if you're in another country?
Get a huge 86% off Surfshark with this special tech.co offer.See deal button

That security website, which has a strong reputation in its field, didn't find evidence of a breach of that size, however. The sample data it could directly link to Ransomed.vc only amounted to a teeny 2MB, while a larger (but still not ginormous) 3.14GB data dump was shared for free by a different threat called “MajorNelson” after the iconic former Xbox developer and blogger.

Their dump contained the following files, which include all of the data shared by Ransomed.vc, which is where the provenance of the alleged hack becomes so contentious.

  • SonarQube
  • Creators Cloud
  • Sony's certificates
  • A device emulator for generating licenses
  • qasop security
  • Incident response policies
  • and more.

Whatever the case, with echoes of the infamous PSN hack of 2011, Sony is apparently taking the potential breach seriously and has issued statements confirming it is “investigating” the situation.

Don't fall victim to cybercriminals, check out the best antivirus software for businesses today

What Happened in the 2011 Sony PSN Hack?

Back in 2011, there was no doubt about it: Sony was hacked and the consequences were catastrophic, both for the company and for users of its popular PlayStation Network online gaming platform.

Some 77 million Sony PlayStation Network (PSN) user accounts were hacked and the PSN was taken offline as a result, staying down for over a month. Sony was even dragged in front of Congress to explain itself, such was the severity of that breach.

This was followed in 2014 by another devastating breach, this time of the Sony Pictures Entertainment division, which was chalked up to North Korean state hackers.

Who Are Ransomed.vc?

That's the big question and the short answer is: No one seems quite sure yet. The ransomware group is a previously unknown entity on the cybercrime scene but is broadly understood to be both a ransomware operator and provider of ransomware-as-a-service (RaaS).

Confusingly, there are even suggestions of white hat hacking about the group and its ultimate motives, with Techbriefly reporting, that the outfit advertises itself as a “secure solution for addressing data security vulnerabilities within companies” and promises to uphold both European GDPR and broader data privacy standards. It adds that the group does not take payment for the data it obtains, as is suggested by its threat to simply dump Sony's data online.

In terms of that threat, the group says September 28th is the date it will share the contents of its hack. However, this date has thus far passed with no major new information, beyond the controversy in hacker circles over who is actually responsible for the 2023 Sony breach — if indeed the company has been breached at all.

Stay tuned for more, as we'll continue to update this article with the latest Sony hack news as it becomes available.

Now Read: Key Ransomware Statistics in 2023

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
James Laird is a technology journalist with 10+ years experience working on some of the world's biggest websites. These include TechRadar, Trusted Reviews, Lifehacker, Gizmodo and The Sun, as well as industry-specific titles such as ITProPortal. His particular areas of interest and expertise are cyber security, VPNs and general hardware.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals