TIME Security

3 Reasons People Think North Korea Hacked Sony

And 4 reasons it might have been somebody else

It’s been more than three weeks since Sony Pictures employees arrived in their offices to find threatening messages accompanied by glowing skulls placed by hackers on their computer screens, but the embattled studio is still dealing with the fallout. Terabytes of Sony’s internal data has been leaked online. Sony’s been hit with multiple ex-employee lawsuits. Ominous warnings have been issued about attacks on movie theaters that play Sony’s upcoming The Interview.

But we still don’t know a basic question: Who hacked Sony?

The person or people claiming responsibility call themselves the “Guardians of Peace,” or GOP. Early reports suggested North Korea was behind the GOP, and there’s been some evidence of that. But North Korea has denied responsibility for the hack, and it’s equally possible the assailants planted clues leading to North Korea as a distraction.

Here’s why people think North Korea was involved:

The attack looks similar to hacks previously linked to North Korea, according to cybersecurity analysts. In a hack like the one against Sony, the attackers most likely found a way to infect Sony’s systems with malware, probably through an email. Once Sony’s system was infected, the hackers could use what’s called a command-and-control server to steal data. And, as it turns out, the malware being used against Sony communicates with at least one of the same command-and-control servers used in previous attacks attributed to North Korea.

It’s improbable that’s a coincidence, experts say. And the malware itself was developed and compiled on systems set to use the Korean language, another clue pointing to North Korea.

“It’s highly unlikely to see another piece of malware that carries strong similarity characteristics and uses the same command and control server,” Kaspersky Lab analyst Kurt Baumgartner says. “It’s a very unique indicator.”

North Korea has a motive. The leaders of the reclusive nation are furious about Sony’s upcoming release of Seth Rogen and James Franco comedy The Interview, which revolves around an assassination plot against North Korean leader Kim Jong-un. North Korea has called the movie an “act of war.”

The hackers are doing whatever they can to stop people from seeing The Interview. On Tuesday, the hackers or somebody claiming to be associated with them threatened to attack movie theaters that screen The Interview. At least one theater chain has already decided not to show the movie.

But there are reasons to doubt North Korea’s involvement:

North Korea has denied the hacks. The government officially claimed it wasn’t responsible, but praised it as a “righteous deed.” American law enforcement is investigating any possible North Korea links, but so far hasn’t found evidence of one.

It’s easy enough to buy and sell malware. There’s a big black market for malware, and a lot of it is simply traded, repackaged and used again. So the similarities between the Sony attack and earlier hacks linked to North Korea may not be so telling.

The North Korea clues and theater threats could be a red herring. North Korea was making vague threats over The Interview long before Sony was hacked. If random hackers attacked Sony because they found an exploitable weak point, they might have left clues pointing to North Korea and made threats to keep attention squarely on Pyongyang.

It could just be random hackers. Sony has long been a favorite target of hackers around the world. Its PlayStation Network, for instance, has repeatedly been hit by disabling attacks. That’s at least in part because back in the mid-2000s, Sony put software on millions of music CDs that, when put in a computer, would automatically install software meant to make it harder to illegally copy those albums. Sony’s software, however, installed itself without users’ knowledge and exposed users’ machines to security vulnerabilities. Many in the hacker community have not forgiven Sony for the practice, which it ended in 2007.

Read next: These Are the Theaters That Have Pulled ‘The Interview’ After Threat

TIME Companies

Al Franken Blasts ‘Lack of Detail’ in Uber’s Answers to Privacy Questions

"Quite frankly, they did not answer many of the questions I posed directly to them"

Senator Al Franken expressed concern this week with the way Uber’s privacy policies remain unclear, in the wake of criticism over the company’s use of customer data.

I recently pressed Uber to explain the scope, transparency, and enforceability of their privacy policies. While I’m pleased that they replied to my letter, I am concerned about the surprising lack of detail in their response,” Franken said in a statement. The senator chairs the Subcommittee on Privacy, Technology, and the Law.

“Most importantly, it still remains unclear how Uber defines legitimate business purposes for accessing, retaining, and sharing customer data,” Franken said. “I will continue pressing for answers to these questions.”

Franken’s letter, dated Nov. 19, addressed reports that execs had planned to dig up dirt on critical journalists, and that employees had abused Uber’s “God View,” which shows the location of all of Uber’s cars, to spy on riders’ whereabouts. In the letter, Franken listed 10 specific questions, ranging from what happens to customers’ data after they delete their account, to what training is provided to ensure employees abide by company policies.

Uber’s response to Franken’s letter described how the two incidents violated company policy. In particular, Uber clarified its policies regarding “God View,” stating that it is available only to certain employees, such as those working in operations. The company also said that recent press articles have “continued to generate misperceptions about how Uber employees treat the personal data of Uber riders.”

TIME celebrities

Who Is Amy Pascal? Meet the Exec Tangled Up in Sony’s Leaked Emails

The Co-Chairman of Sony Pictures Entertainment has been the executive behind successful movies like Skyfall and Zero Dark Thirty

Sony executive Amy Pascal found herself in the headlines this week after her company was hit by hackers, exposing emails ranging from racially insensitive exchanges about President Obama to reports that she served as an intermediary between the company’s brass and Seth Rogen in toning down Kim Jong-un’s death scene in The Interview (though Rogen has thanked Pascal for having “the balls” to make the movie at its Thursday premiere).

Though Pascal’s name may be unfamiliar to some readers, her films surely are not: she’s overseen major blockbusters from When Harry Met Sally to The Da Vinci Code.

Pascal is currently the Chairman of Sony Pictures Entertainment Motion Picture Group, the division responsible for the company’s film production. Alongside Michael Lynton, she’s also co-chairman of Sony Pictures Entertainment (SPE), the umbrella over the Motion Picture Group, the Television Group, Networks and other operations. Lynton is CEO of SPE, and as such is Pascal’s boss.

Pascal began her career as a Hollywood secretary and soon climbed the ranks to become Vice President of Production at 20th Century Fox. She joined Columbia Pictures, a division of SPE, in 1988, overseeing movies like Groundhog Day and A League of Their Own. She left in 1994 to become President of Production at Turner Pictures, but returned to Columbia two years later as President. She was promoted to Chairman of SPE’s Motion Picture Group in 2003, and became Co-Chairman of SPE in 2006.

Pascal and Lynton have had a fruitful relationship as business partners, with Pascal acting as the intuitive pro at picking scripts likely to succeed and Lynton functioning as her business-minded counterpart. According to a 2009 New York Times story, Lynton couldn’t fathom Superbad becoming a profitable film when he read the script, but since it wasn’t very high-budget, Pascal was able to convince him they should take it on. It was a good bet: the movie cost only $18 million to make, but yielded $120 million at the domestic box office.

Though Pascal engaged in racially inappropriate emails with producer Scott Rudin (for which Pascal apologized), speculating on President Obama’s taste in films with African-American narratives, she’s been a generous donor to Obama and other Democrats.

Pascal is on Forbes’ 50 Most Powerful Women list and was elected to the Academy of Motion Picture Arts and Sciences’ board of governors last year.

Read next: Hackers Sent Sony Employees a Terrifying New Message

TIME Security

Hackers Sent Sony Employees a Terrifying New Message

Sony Hack
Sony logo. Koichi Kamoshida—Getty Images

The hackers might still have access to Sony systems

A hacker group calling itself the “Guardians of Peace,” or #GOP, sent an ominous new warning to Sony Pictures Entertainment employees on Thursday, causing the scary message to flash upon computer screens.

An unnamed individual familiar with the situation told TheWrap that several Sony employees received the message and most felt “disturbed.” Another source said the threat promised to do more damage if the #GOP’s demands aren’t met.

It’s been almost three weeks since hackers calling themselves the Guardians of Peace first broke into Sony’s systems before posting unreleased films and company documents online. The new warning is evidence the hackers still have access to the company’s network.

Sony executive Amy Pascal, meanwhile, told TheWrap that the hackers have “everyone’s emails in this company for the last 10 years.”

The identity of the hackers who targeted Sony is unknown. Some believe they’re tied to the North Korean government, which is furious over an upcoming Sony comedy about an assassination plot against the country’s leader.

[TheWrap]

Read next: The 7 Most Outrageous Things We Learned From the Sony Hack

TIME Smartphones

9 Steps to Make Your Smartphone Totally Hacker-Proof

smartphone
Getty Images

Don't use public Wi-Fi networks that aren't password protected, for instance

If you use an iPhone, your days of lording its security features over Android users are numbered.

When it comes to the seemingly endless head-to-head showdowns between the two operating systems used by 94% of Americans, Android’s major selling point is also its Achilles heel. Its customizability means Android users can download apps from anywhere, increasing the risk of infection via malware that can skim sensitive info, send spam messages, or freeze the phone until the owner coughs up a ransom.

Spyware is still far more prevalent for Android devices than iPhones due to Apple’s tight vetting of apps before they make it onto the App Store. Android’s greater market share has a lot to do with it, too, as cyber-criminals can attack more Android phones with a single infusion of malicious code.

But a recently discovered piece of malware called WireLurker attacked iOS devices through a compromised computer, indicating that not only are malware creators increasingly focusing on mobile, but that Apple may soon represent as good a piece of game as Android.

What about Windows Phone and BlackBerry, which make up just 5.9% of US smartphone users combined? “These haven’t attracted the same kind of attention from malware authors that Android has,” says Jeremy Linden, Senior Security Product Manager at Lookout security firm.

However, as our smartphones become our go-to devices for everything from shopping to business, it’s likely that the tiny computer in your hand – no matter which operating system it runs – will increasingly become a target for cybercriminals.

Here are nine things you can do to ensure the security of your device now:

1. Log out after banking and shopping

Using online banking on your smartphone browser should be as safe as using it with a desktop browser, assuming the bank implements the appropriate security measures, says Linden.

Just make sure you log out when you’re done. Signing out from your account prevents cyber-offenders from viewing your personal financial data if your smartphone is hacked. The same goes for shopping sites, where your credit card info may be visible to anyone snooping on the transaction.

Or use your bank’s official app. “Banking apps are set up to be encrypted and protect your information even if the network you’re using has been compromised,” Linden says. Ensure you’ve downloaded the real app and not a malicious copy. Earlier this year, Lookout found a clone of the app for Israel-based Mizrahi Bank, designed to steal customers’ login credentials.

2. Only use public Wi-Fi hotspots that require passwords

Use public Wi-Fi only on secure networks requiring a password to access, ideally only from providers you trust such as the coffee shop you’re at, a city’s official Wi-Fi or a telecommunications operator. Unsecured networks allow hackers to view all web traffic over the network, including passwords and even the contents of unencrypted email (that is, most people’s email).

If you’re planning to connect to public Wi-Fi a lot — for example, while traveling abroad — use an encryption app such as Freedome (Android or iOS) that can secure your connection to any Wi-Fi network so that your data is unreadable. The app also blocks tracking while you’re surfing the web.

3. Set a password on your lock screen

The humble password can prevent an even more insidious crime: allowing someone you know to install spyware onto your device.

Last year, Lookout found that 0.24% of the Android phones it scanned in the United States included spyware designed to target a specific person. That’s tens of thousands of people whose calls, messages and photos were being monitored by someone close enough to access their phones.

No matter what type of smartphone you use, a good password is also your first line of defense against the most basic security issue: losing your phone. As long as you don’t pick an easily guessed combo like 1111, a password can hold off a would-be thief long enough for you to locate and remote-erase your device via the Android Device Manager, Find My iPhone or Windows Phone sites. (BlackBerry users need to have previously downloaded the BlackBerry Protect app, unless the device uses the BlackBerry Enterprise Server.)

4. Check permissions requested by new apps

According to Lookout, adware is the most common security risk with apps. While ads help app makers turn revenue, some contain adware that may collect personal details or usage habits without your consent, send messages with links to buy fake products or force your device to send premium-rate SMS text messages.

Before downloading an app, read through what permissions it requests from you. If a Flappy Bird clone wants access to your contacts and call history, for example, it’s probably best to cancel that download.

If you suspect you’ve already downloaded adware (based on symptoms such as a deluge of pop-up ads or in-app messages asking you to click on a link), uninstall the app that is delivering the aggressive advertising.

5. Get a security app

If you don’t know which app is the culprit or if you simply want to check your phone’s bill of health, a free security app such as Lookout (Android or iOS) or Avast Free Mobile Security (Android or iOS) can scan the apps on your phone for malware including adware, spyware and viruses. If malware is detected, the security app will remove it.

These apps can also locate your device if you lose it, sound an alarm or message it in case someone has found it, back up your contacts online and remote-erase everything if all hope of getting your phone back is lost.

Check out our comparison of free and paid security apps for more information.

6. Review your download habits

“Non-jailbroken iOS devices are less likely to download malware,” says Linden. (The same goes for Windows and BlackBerry phones.) But if you’ve performed tech surgery to rid your iPhone of its limitations or if you use an Android phone, Linden recommends avoiding downloads from third-party app stores, where malware is much more prevalent. Install a security app that can alert you to suspected malware.

Even if apps are on the official app market, only download from trusted developers, and check the reviews for complaints.

7. Disable app downloads from unknown sources (Android only)

Lookout recently identified a piece of malware called NotCompatible.C that allows your phone to be used without your permission. For example, ticket scalpers could use the malware to route bulk ticket purchases through a group of infected phones, thus hiding their identity and location.

NotCompatible is downloaded secretly onto Android phones from sites harboring it; links to such sites have been found in phishing emails. To avoid similar sneaky malware downloads, disable app downloads from unknown sources, found in the Settings/Security menu.

In general, it’s best to avoid clicking on links in emails from unknown senders or, according to Lookout, clicking on shortened URLs like bit.ly, since you can’t see the domain it leads to.

8. Don’t grant apps administrator access (Android only)

Back in July, an intimidating type of Android malware made the rounds. The so-called FBI ransomware froze infected phones, popping up a message that the FBI had locked the phone because the owner had violated federal law by visiting illegal sites including child pornography websites. To access the phone (and its data), victims were asked to pay several hundred dollars.

Ransomware may also request administrator rights at installation, giving the wayward app the ability to lock the phone, read notifications and remote-wipe your data. Once given, you may never be able to retract the access, as in the case of the trojan Obad.a, which hid itself and set to work scraping users’ info, spamming contacts and downloading more malware.

“When ransomware is downloaded to a phone from a malicious website, it takes the form of an APK (Android application package), often disguised as an anti-virus app,” Linden says. “Or it may in some way trick you into launching the app. To avoid this, do not grant applications administrator access unless the app is reputable.”

If you must travel off the beaten path for apps, only download non-app store apps from trusted third parties.

9. Install OS and app updates

Finally, the obvious but biggest way to protect your smartphone security: Download software updates for your phone and its apps whenever they’re available. Updates are designed to patch bugs and vulnerabilities.

This article was written by Natasha Stokes and originally appeared on Techlicious.

More from Techlicious:

Researchers Develop a Smartphone Screen that Corrects for Vision Problems
Amazon Now Lets You “Make an Offer”
1.2M Smartphones Stolen in 2013, Thefts Down in 2014
Colleges Using Big Data to Track At-Risk Students

TIME How-To

5 Awesome Things You Didn’t Realize You Could Do With iPhone’s Touch ID

Apple iPhone Touch ID
An employee holds an Apple Inc. iPhone with the "check out" section of a demonstration bank payment web page using the Zapp money transfer and payment system in this arranged photograph at the company's offices in London, U.K., on Thursday, Jan. 16, 2014. Bloomberg—Bloomberg via Getty Images

Like most of Apple’s new technologies and modern conveniences, Touch ID is something you didn’t know you needed until you got it. As a fingerprint-authorized security sensor embedded in your iPhone 5S-or-newer handset (and on the newest iPads), this innovation lets you securely unlock your phone with a simple touch and make wallet-less purchases using the company’s Apple Pay service.

But that’s only where this technology begins. Here are five more ways you can use Touch ID to lock down your digital life:

Authenticate Your Apps

As great as Touch ID is, it will only keep people from monkeying with your Apple device. If someone knows the password to your web-based accounts like Facebook or Gmail, they can just log in on other hardware. Two-factor authentication, the process of using more than just a password to log into a service, doubles up your security, and apps like Authy can give you that added layer by providing you with a “token,” or a code that changes every 20 seconds.

This technology isn’t new, but Authy (which is free) allows users to lock app with Touch ID, giving it three levels of authentication — one of which being your fingerprint — making your accounts as secure as can be.

Unlock Your Computer

Once you start using Touch ID to secure your iPhone or iPad, you’ll start wondering why you still have to peck a password into your computer. Well, you can get around that with FingerKey, a $1.99 iOS app (with a complementary Mac program) that uses the fingerprint sensor embedded in your mobile device’s home button to autofill your computer’s passkey.

By pairing the phone to your computer via Bluetooth, the software duo forms a secure connection, waking the computer and entering your password. Right now, the solution is only available for Apple computers, but Linux and Windows versions are already in the works.

Secure Your Phone Records

Using Google Voice is a great way to trim back on your cellular service, but you can also take your number with you, roaming-free, when you travel worldwide. There are many ways to access the service on an iPhone, but one way to keep the app under wraps is by using GV Connect. This $2.99 app not only bundles together all of Google Voice’s great features, like voicemail transcription and text messaging, but it also lets users lock down the app using Touch ID, ensuring that all your records, texts, and voicemails stay private.

Protect Your Personal Journal

Remember when you were a kid, and your little sister Cindy read your diary? Oh wait, you’re not Marsha Brady. But then again, who writes diaries anymore? Instead, they log extensive journals on great apps like DayOne, a 2014 Apple Design Award winner that allows users to capture all the details of their lives using smartphone tools, from what song was playing when you first met her, to what the weather was like on the day he was born.

And with Touch ID security, now those details are locked away as safely — or moreso, perhaps — as if they were in your mind. So rest assured, your deepest thoughts and biggest secrets can indeed be committed to text while being completely shielded from prying eyes.

Sign Sensitive Documents

In 2005, Iraqi voters produced images of what they call the “electoral stain,” an ink-covered finger of people who just made their mark. If you can vote with a fingerprint, imagine if you could sign a contract with one too. SignEasy lets iPhone and iPad users do this through its handy app, linking the secure fingerprint sensor with e-signatures to authorize documents via mobile devices.

More secure than just scrawling your name on the touchpad, this free app makes the process more secure than before, when a four-digit pin code was required to make your mark. Get that — a pin code. How quaint! You might as well just use a pen.

TIME Security

Here’s How Sony Is Hacking Back to Defend Itself

Sony Hack
The Sony Corp. logo is displayed outside the company's showroom in Tokyo on Oct. 30, 2013 Bloomberg/Getty

Denial of service attacks allow Sony to slow the leak of its data

Sony is reportedly turning to defensive hacking to prevent its breached files from spreading after it was hit by hackers who leaked unreleased movies and employee data last month.

First, the company is flooding websites hosting stolen files with dummy content, unnamed sources told Re/code. That move makes it harder for users to know if they’re downloading real leaked Sony files. But that technique is nothing new — media companies often used it in the early days of file sharing to dissuade piracy in the dial-up era, when illegally downloading a movie was an hours-long affair.

The more interesting claim in re/code’s report is that Sony is using Distributed Denial of Service (DDoS) attacks against websites hosting stolen Sony files. Those attacks send bogus Internet traffic to a target server in hopes of slowing other users’ connections to a standstill.

DDoS attacks are easy from a technological standpoint. A hacker who wants to conduct one only needs control over a large number of computers, which they typically get from sneaking malware onto unsuspecting users’ machines. Still, that Sony could be attacking servers hosting its stolen stuff is significant in terms of understanding the company’s damage control strategy.

A recondite group of hackers that some have linked to North Korea have already published Sony Pictures Entertainment financial information, salaries, internal emails and feature films on file-sharing websites.

[Re/code]

TIME Security

Security Flaws Discovered on Alibaba’s Marketplace

Credit card details were not exposed

An Israeli research firm said Wednesday that it found security flaws on Alibaba Group’s international marketplace that exposed merchants and shoppers to serious risks. The Chinese e-commerce giant said it has since fixed the problem.

The flaws on the website were discovered in AliExpress, a marketplace that helps Chinese sellers market goods to overseas customers in Russia, Brazil and the U.S., the Wall Street Journal reports.

Israeli researchers from the security firm AppSec Labs said weaknesses in the site could have allowed attackers to take over merchant shops and change prices, alter shipment details and shut down the shop. Customers’ shipping addresses were also exposed. Credit card details, however, were not vulnerable.

MORE: Alibaba founder Jack Ma, TIME Person of the Year runner-up

Alibaba said it resolved the security vulnerability quickly and that no user data was exposed.

[WSJ]

TIME Security

Could Sony Employees Sue After That Massive Hack?

Sony Hack
Sony Corp. signage is displayed atop the company's headquarters in Tokyo, Japan, on Thursday, July 31, 2014. Bloomberg—Bloomberg via Getty Images

Employees' data was breached as part of hack against Sony

Thanks to a devastating hack at Sony Pictures Entertainment last month, we know what James Franco earned for The Interview and we have a sneak peek at Will Gluck’s new movie Annie.

But more importantly, the attack dealt a serious blow to the privacy of thousands of Sony employees who saw their social security numbers, dates of birth, salaries and even medical records leaked online. The breach leaves them vulnerable to identity theft or extortion.

So, if you work at Sony Pictures and you’ve been hit by the hack, what do you do now? Sony employees may have a pretty good shot at suing the company under California law, perhaps to the tune of many millions of dollars, lawyers say. Sony Pictures Entertainment is based near Los Angeles, so California is the best state to host a suit.

The Golden State has some of the strictest employee information disclosure laws in the country, which would give workers wide latitude to get some kind of compensation from the company. California law is designed to protect residents from having their personal information disclosed by a company or other institution.

In Sony’s case, it’s not that Sony intentionally disclosed the data. Instead, the question is whether it did enough to protect it from being disclosed by others.

The fact that hundreds of employees’ medical information, including complaints about unpaid insurance claims and lists of costly medical procedures, makes Sony especially exposed to a lawsuit, lawyers said. California’s civil code says that “any individual may bring an action against any person or entity who has negligently released [their] confidential information” and win $1,000—and that’s without proving direct damage.

How could Sony defend itself from an employee suit? It would have to prove in court that it did a good job of protecting workers’ data — a point that’s been disputed over the last several days.

“[If] all possible safeguards had been put in place, I think that’s going to matter to enforcement agencies and to a court,” said Peter Rukin, a partner at Rukin, Hyland, Doria & Tindall LLP who specializes in employment litigation. Rukin added that Sony is vulnerable unless it “can show data [was] encrypted under best practices.”

Sony may have an uphill battle making that case. “Sony’s ‘information security’ team is a complete joke,” one former employee recently told Fusion. “We’d report security violations to them and our repeated reports were ignored.” Of the 11 people (out of 7,000 employees) responsible for Sony’s security, eight were managers.

Still, a cybersecurity firm contracted by Sony to help clean up the attack said on Monday that the hack was something for which “neither [Sony Pictures Entertainment] nor other companies could have been fully prepared.”

Whether that’s true could be decided in a courtroom. It already looks like some kind of lawsuit may be in the works — a cohort of former Sony employees are mulling a class action, Fox News reported based on unnamed sources, and many workers have been communicating with a major law firm. Rukin said a class action, it it happens, could be filed in a matter of weeks or even days. Sony hasn’t yet responded to a request for comment.

Correction: The original post misstated the name of Will Gluck’s new movie. It is Annie.

 

TIME cybersecurity

The 7 Most Outrageous Things We Learned From the Sony Hack

'The Interview' Barcelona Photocall
Seth Rogen (L) and Evan Goldberg pose during a photocall for their latest film 'The Interview' at the Hotel Mandarin on June 18, 2014 Robert Marquardt—Getty Images

From dissatisfaction with Adam Sandler to embarrassing gender statistics

The breach that crippled Sony at the end of November is not over yet. On Dec. 8, the aliases of 11 Hollywood celebrities were leaked, and internal information continues to leak about about the beleaguered company—from unreleased films to employee salaries to actors’ cover identities. And the hackers responsible are reportedly making increasingly threatening demands on Sony. Dubbed the Guardians of Peace, the hackers have allegedly called for monetary compensation, told Sony to stop the release of The Interview, and threatened employees’ families. Here are 7 of the craziest things hackers hitched from Sony.

Seth Rogen made more money than James Franco for The Interview. The hackers wormed into the studio’s movie budgets, and found that The Interview cost $44 million to make. Rogen is making $8.4 million and Franco is raking in $6.5 million. The two actors are co-stars, but Rogen (who is four years younger) also co-directed the film, which may be the reason for the salary differential.

Some people at Sony are not Adam Sandler fans. Based on a trove of workplace complaints discovered by Gawker, there’s some dissatisfaction with the 48-year-old comedian. “There is a general “blah-ness” to the films we produce. Althought [sic] we manage to produce an innovative film once in awhile, Social Network, Moneyball, The Girl with the Dragon Tattoo, we continue to be saddled with the mundane, formulaic Adam Sandler films,” said one Sony employee. “And will we still be paying for Adam Sandler? Why?”

Only one female Sony employee earns more than $1 million. The $1-million-and-over club at Sony is male and white. Just one woman, co-chair of Sony Pictures Entertainment Amy Pascal, is in the group.

You can watch unreleased Sony movies online. The hackers managed to leak files of major Sony films that are set to be released this year, including Annie, Mr. Turner and Still Alice.

Sylvester Stallone and Judd Apatow’s social security numbers are on the Internet as a result of the hack. So is their compensation, along with the salaries and personal information of a lot of other celebrities.

Tom Hanks, Jessica Alba and Natalie Portman have alter egos …and they sound kind of odd. The stars use aliases to do normal people things. Hanks is “Johnny Madrid,” Tobey Maguire is “Neil Deep,” Jessical Alba is “Cash Money,” Natalie Portman is “Lauren Brown” and Rob Schneider goes by “Nazzo Good.”

A script by the creator of “Breaking Bad” leaked, too. Vince Gilligan, the creator of “Breaking Bad” had an unreleased pilot of in the works, and hackers got a hold of that, too, according to Buzzfeed.

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser