Back to all articles
Phishing

The Cyberattack on Sony Pictures (2014)

Jun 04, 2026

The Cyberattack on Sony Pictures (2014)
In 2014, Sony Pictures experienced a massive cyberattack later linked to North Korea following the release of the controversial film The Interview. The attackers utilized spear-phishing to obtain employee passwords and gain access to internal networks. At the time, Sony had weak security practices. There was no two-factor authentication (2FA), employee passwords were simple, emails were stored unencrypted for years, and servers were not segmented according to security levels. Once inside the network, the attackers moved laterally to find valuable information. They stole terabytes of data, including film documents, emails, personal and financial records, and destroyed many systems, making them inaccessible to staff. Subsequently, sensitive information—including employee emails and intellectual property—was leaked online, causing massive financial losses, legal costs, and reputational damage. This attack demonstrated that cyber threats are not always motivated by profit; they often have political motivations. It highlighted the importance of serious investment in information security, employee education to recognize phishing, strong password policies, and network segmentation.

References

https://sl.bing.net/ef7f4SkvZYG
https://www.sipa.columbia.edu/sites/default/files/2022-11/Sony%20-%20Written%20Case.pdf
https://learn.g2.com/most-common-phishing-attacks#spear-phishing