[guildenstern]

Presumably Sony and other major corporate users of YouTube do not have employees selecting a file and sitting waiting for it to upload every time a trailer needs to go out, nor do they give employees access to these high value YouTube accounts. Presumably they have a system between their staff and YouTube that is responsible for uploads, and in that system a mistake like this —- referencing the wrong file —- would be much easier to make and go unnoticed.

[jcranmer]

According to the Ars Technica article on this, this is actually quite likely--the UI for these systems is apparently typically sufficiently bad that you have to copy a numeric ID, and you won't get feedback as to what the numeric ID actually referred to.

[gruez]

Ars quote in question:

>The processes used by organizations like Sony to publish videos to platforms both owned and otherwise could present opportunities for error. (I know this because I used to work for a major broadcast TV network.) It could have been as simple as a young, entry-level digital producer accidentally copying and pasting the wrong video ID number from the company's internal repository of video files into a proprietary publishing tool that bulk-publishes several videos in a daily push via the YouTube Data API and the equivalents on other platforms.

I don't buy this explanation because the setup would be hilariously insecure. It would be like having a company-wide file share that anyone can access, and placing all your trade secrets on it. It might make sense for broadcast TV networks, considering all their content is distributed for free anyways.

[ant512]

This is the same Sony that was famously hacked in 2014:

https://en.m.wikipedia.org/wiki/Sony_Pictures_hack

From the Wikipedia page:

“The hackers involved claim to have taken more than 100 terabytes of data from Sony”

“The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, and other information.”

The YouTube mistake sounds to me like a publicity stunt, but “hilariously insecure” isn’t necessarily an incorrect assessment of Sony’s infrastructure.

[blattimwind]

> It would be like having a company-wide file share that anyone can access

"Enterprise document/data management" usually means something along those lines, yes.

[garblegarble]

>I don't buy this explanation because the setup would be hilariously insecure.

I work in the industry, I 100% buy this explanation. Security is not great on all sides, confusing UIs and opaque IDs pasted into web systems (or excel spreadsheets) with little/no feedback (or excessive feedback that then gets ignored) are standard.

Also, even when media isn't directly available to a user, they may well still have the ability to send a particular file by house number through a pre-approved workflow (e.g. publish to youtube)

[dewey]

Most of these accounts are run my external marketing agencies not by the companies itself. And from what I heard the process it's way more manual than you'd suspect. It's not impossible for a human to select the wrong file.

[gruez]

and why would the external marketing agency have a full copy of the movie, with no DRM?

[Rjevski]

Maybe whoever sending the content to the marketing company did the mistake, and the marketing company just obeyed their orders and uploaded it without further checking.

[dewey]

Maybe they also cut and edit the trailer? I don't know how they work internally.

[gruez]

quick search says that trailers are either made by specialized companies, or by in-house departments.

[dewey]

I guess that's true in 100% the cases then and there's no room for a human mistake left in this case ;)