20 Years After the Sony Rootkit Scandal

When Sony Shipped Malware on Music CDs

On Halloween morning in 2005, a security researcher hit “publish” on a quiet corner of the internet, describing something strange he had discovered lurking deep inside his PC. Hidden files, cloaked processes, and a piece of software that refused to be removed. After digging further, he traced it back to a music CD from Sony BMG.

What followed was far from a niche tech story. Within hours, online forums lit up, and within days, headlines began to spread. By the end of the week, Sony was facing a global scandal. What began as a blog post had become a full-blown corporate crisis, one that spread with the same stealth and persistence as the malware it exposed.

Sony had not just tried to protect music. It had intentionally invaded the machines of millions of customers with a rootkit-level exploit. And now the world knew.

This is the full story behind one of the most reckless tech decisions ever made, and how it unintentionally helped shape the future of digital media.