Insomniac Hacked By Ransomware Group: Employee Information Stolen & Future Projects Leaked

[VigilantCrow]

Nothing that touches the internet is private. People and companies will eventually learn the lesson.

 

[CelestialRequiem]

Sony should have paid the ransom.

 

I definitely don't like the idea of giving into the criminals, but beyond studio plans and agreements with Disney, people's lives are basically available to the public now. They had a week to do it, but allowed their employees to take all of the risk.

 

Since this is specifically an Insomniac leak, it sadly likely came from someone higher up being negligent. Even so, Sony could have done a better job protecting their employees, as well as their relationship with Disney, by paying the two million.

[Studfox]

I feel like the employee information was to put more pressure on insomniac to pay up. It's one thing to release your hard work and future plans but all that employee info puts them in such a liable and morally conflicting position for their staff. Currently dealing with a 3 month back-and-forth clearing my name from identity theft earlier this year so I definitely feel bad for everyone involved that will be affected by this and wish a plague upon whoever uses their information maliciously. 

As has been said above though, I don't think that this will effect their sales of these games moving forward, just sucks seeing it get spoiled. I remember my shock and awe from seeing the wolverine teaser at that state of play

[sepheroithisgod]

Paying the ransom is the worst thing a company can do in this situation. There is no legally binding agreement that these hackers are actually going to give back the data, and that they have not already sold the information to other parties before making this demand. Or that they have not made multiple copies of said data. Doing so only promotes this behavior and would make Insomniac (or any other victim) a target for other groups if they know that the company will pay for the data back.

 

My heart goes out to the actual employees that got doxxed. I'm curious if the breach was on SIE or Insomniac themselves. Ultimately, security needs to be better.

[FishOfPain]

59 minutes ago, BloodyRutz said:

 

It is far from pointless and there are numbers to support that. You cannot just make a statement like that when we are discussing factual data. The majority of companies choose to pay the ransom. This is literally "on paper", you can look it up. If the hackers would sell the data even after receiving a payment, they would be undermining their "business model".

The articles you're quoting seems to describe ransomware attacks though, where hackers encrypt the files for a company making the them lose access to their own data. In cases like that, I can see why companies pay up if they haven't got the data stored elsewhere. But this Insomniac hacking wasn't like that; Insomniac still has the data, and the hackers have a copy of it. There's no way to "return" a copy of a file to the original owner as in a phyiscal ransom situation, so yeah, paying in this case WOULD be stupid since the hackers still have the data and can still just release it whenever they want.

 

EDIT:
I can't even see any mentions (at least not in the article in the opening post) about this being even being a ransom - they wording seems to suggest the data was for sale for ANY bidder. A linked article also mentions that 2% of the data was removed from the final upload since it was sold, and it doesn't seem impossible that could be the personal data actually being bought back by Insomniac or Sony. But still, as I mentioned, while the hackers NOW say that they don't upload the sold data, they've still got access to it and could release it any time down the line. 

 

EDIT2:
Nevermind, I just saw that another article mentioned Insomniac themselves had a week to pay an undisclosed amount. My bad, but it's still not the same type of ransomware as when the files are corrupted for the company. ...now read it all and it's put up the offer for Insomniac in parallell with the public auction. Odd, but I could imagine that if presented with the option that Insomniac/SIE didn't find it worth the 2 million to get all data back (with no guarantees of further leaks), but actually put in a bid for the personal data for less (still with no guarantees, but cheaper and more important).

Edited December 19, 2023 by FishOfPain

[Dreakon13]

2 hours ago, Eraezr said:

Whatever one feels about Spider-Man 2 (I'm in the camp that blows raspberries at it), you gotta take a step back and have this sober observation that 2023 has made game developers to be cheap cannon fodder.

 

With all the lay-offs.

With The Game Awards prioritising cheap ads over developer sentimentality, making a laughing stock of the industry next to movies.

And now leaks which are putting people's personal passport scan on the internet.

 

Social media already decided that when it became commonplace to harass anyone involved brave enough to use their real names when they don't like something about a game or a company.  People are okay treating them like less than human until they get laid off or something really bad happens, then suddenly turn into bleeding hearts when there's a new popular topic to rally around.

 

Edited December 19, 2023 by Dreakon13

[Helyx]

My source says this was an internal job.

[MidnightDragon]

Fucking hackers! Hope they get caught. Sucks that the employees personal info is out there now. Makes it easier for people to harass and bully them and much worse.

[Slava]

Naughty Dog was hacked.

CD Projekt was hacked.

Rockstar was hacked.

Nvidia was hacked.

Now Insomniac.

 

At some point, I think it was after Naught Dog was hacked, I thought the big studios and companies would look into ways of increasing information safety. Now, in 2023, I'm more than sure they've done all they could at this point. As long as there's at least one person working at a studio, there's a way in for hackers.

 

As for paying/not paying the hackers, I think I've only heard of cases where the company decided not to. I certainly remember CD Projekt saying they wouldn't give in to their demands.

Edited December 20, 2023 by Slava

[Eraezr]

12 hours ago, Helyx said:

My source says this was an internal job.

 

Whether this is a joke or not, getting 1.7 terabyte through firewalls is done through social engineering . Someone on this inside screwed up or has a vendetta against Insomniac.

[Helyx]

27 minutes ago, Eraezr said:

Someone on this inside screwed up or has a vendetta against Insomniac.

 

I wasn't told whether it was a goof or vengeance, but my source said it was all internal.

[majob]

13 hours ago, Slava said:

Naughty Dog was hacked.

CD Projekt was hacked.

Rockstar was hacked.

Nvidia was hacked.

Now Insomniac.

 

At some point, I think it was after Naught Dog was hacked, I thought the big studios and companies would look into ways of increasing information safety. Now, in 2023, I'm more than sure they've done all they could at this point. As long as there's at least one person working at a studio, there's a way in for hackers.

 

As for paying/not paying the hackers, I think I've only heard of cases where the company decided not to. I certainly remember CD Projekt saying they wouldn't give in to their demands.

There's a saying that for every 10 ways you have to keep a thief out he has 11 ways to get in. Nothing is foolproof, not to say that there shouldnt be constant investment and increased measures in security but the reality is that you will never 100% keep a thief or in this case a hacker, out. 

[iSympathie]

i really was hoping for Resistance remaster. 😁

[Fing3rButt3r3]

sucks but, cant wait for those new games!