Sony Pictures Entertainment's (SPE) computer hygiene in the years leading up to last month's hack was breathtakingly sloppy, with the movie studio's CEO regularly being reminded of e-mail, banking, and travel passwords in plaintext e-mails, according to an Associated Press report published Thursday.
Headlined "Sony emails show a studio ripe for hacking," the article is based on a review of more than 32,000 stolen corporate e-mails released on the Internet by people connected to last month's hack of SPE. The e-mails show CEO Michael Lynton repeatedly receiving plaintext passwords in unencrypted e-mails for his and his family's e-mail, banking, travel, and shopping accounts. The unencrypted e-mails were frequently sent by executive assistant David Diamond. Other e-mails included images of passports, driver licenses, and banking statements.
While the catastrophic hack that hit SPE is generating intense scrutiny of the company's security practices, it's widely believed that many if not most corporations and smaller businesses are no better at securing their data. Executives assume that e-mails they send can't be read by anyone other than the intended recipient. Employees have little awareness how easy it is for the computers and smartphones they use to be compromised and for those hacks to then spread to corporate networks. The AP quoted security expert Kevin Mitnick as saying, "It's pretty ordinary for CEOs and executive assistants to share confidential information by e-mail. They feel their e-mail is secure and they have nothing to worry about."