A devastating Insomniac Games data breach has resulted in terabytes of confidential company information being shared online, including licensing contracts, development pipelines, and much more. Recognising the severity of the infiltration, a selection of high-profile studios have expressed solidarity with the Marvel’s Spider-Man studio.
Remedy, the Finnish firm behind Alan Wake 2, said the developer “doesn’t deserve this” in a statement. “Our sympathies to Insomniac Games and all the affected team members,” it wrote on Twitter. “After all the effort and dedication they have poured into their games, they didn't deserve this. No one does. The hackers also leaked employee's personal information, which is truly disgraceful and shameful.”
Neil Druckmann, the creator of The Last of Us and co-head of Naughty Dog, also chimed in: “To our friends at Insomniac Games, we can’t wait to experience your next games whenever you feel they’re ready. Until then, we’ll remain your patient fans!”
Last week, a hacker group revealed that it had obtained sensitive information from the Sony first-party studio, and attached a $2 million ransom to the data. Clearly a deadline passed, and that information was publicly uploaded to the Internet earlier this week. PlayStation has said it’s investigating the breach, but hasn’t provided an update yet.
[source twitter.com, via twitter.com]
Comments 33
Besides the game information being leaked, peoples personal information is now being bought and sold.
I wouldn't feel safe if I was an insomniac employee
The amount of detail from the hack that some high profile sites reported was very disappointing too.
Glorified bloggers racing each other for the clicks.
I was satisfied to read Sammy's article yesterday saying that none of the details would be published here 🙏
I can't help but think games media have been acting like vultures with this. Report that it happened, keep it vague and let the story die while Insomniac recover and the authorities do what they can to track the culprits down.
@Netret0120 It's unfortunately common.
The day before vaccine rollout was due to begin here during the pandemic, a hacker group gained access to the country's health service, stole everyone's private data and crashed the system.
Kids on waiting lists for cancer treatment etc had to have procedures pushed back.
Added to that, for the last few years now if you get a call from a strange number you just don't answer it anymore. We just live with the knowledge now that all of our medical info, home address details, social security info etc are all just out there floating around.
Especially around this time of year. I had two calls last week that I answered for a laugh - Robot voices on the other end telling me my social security number was used for "crimes".
I called them back for the hell of it. The scammer call centre answers within seconds. If only government departments were that fast.
Someone got access to my bank account at one point too. That wasn't as funny. Luckily the bank fraud squad were on the ball that night.
They caught it right away, called me and reversed the charge.
@Shepherd_Tallon
Push squares sister site, Eurogamer one other worst. tabloid gutter tier class on their part, but nothing new with that cesspool.
Posting out all the details for cheap clicks
@Anthony_Daniels I saw that! I was so surprised. I had that exact thought when I saw it - Tabloid garbage.
I haven't used Eurogamer in years really and thought they had higher standards. I was reading the article just expecting a different version of the one Sammy posted yesterday.
It's really strange how differently are devs voicing their opinions about this leak.
Capcom had massive breach that revealed private info about employees and also revealed slate of their games for next 6 years and almost nobody cared and every website covered that leak.
But Insomniac suffered same breach and now everybody is concerned including some websites and people from gaming media?
I don't want to spread conspiracies but it really looks like they are afraid that Sony will take away their access to review codes/preview events etc. and that's why they won't cover it. And while I understand Insomniac devs being pissed at this situation, this really smells like double standard.
@Gunnerzaurus But then don't argue with "we won't cover it because it's stolen information" when exactly same thing happened with Capcom and they covered it. Because it's just hypocrisy at that point.
@Netret0120 it's kind of lucky they're an American company because if this was in Europe then the GDPR case would be crippling
@Gunnerzaurus Ah nice. That's fair.
There's a right way and a wrong way to do it for sure.
@Shepherd_Tallon I was disappointed with PX for publishing an article on it as well, absolutely no need for an Xbox dedicated site to do that other than to throw shade at the competition.
@Gunnerzaurus PushSquare covered Capcom leaks but is refusing to cover Insomniac leaks (so I expect this comment to be deleted). Gamespot editor also said that they will not cover Insomniac leaks why they covered Capcom leaks. And don't get me started on youtubers.
And while I understand difference between "Xbox leak" and Insomniac leak (Xbox basically doxxed themselves by uploading underacted files), there is no difference between Capcom and Insomniac leaks because they both originated from ransmoware hackers who published data.
And okay. Every web can choose where is their line in the sand. But don't use excuses when you covered information from same situation to try to get into moral highground.
It must have been a contractor or someone from inside the company with bad intentions. How the hell do you transfer 1.7 TB outside the company network and the IT dept doesn't get triggered. That or their security is poor. Nowadays everyone should have 2 factor authentication with their mobile phone to even log in through a VPN.
This is why work from home is slowly dying. Biggest leaks in the past few years happened because of wfh, as much as I enjoy staying at home to work and not wasting my time on the road.
@Godot25 I see many voices in the comments that state, that they are very happy that the leaks are not covered in detail. Maybe those are similar voices that existed during the mentioned "Capcom leak" and PushSquare (and some other outlets) adapted and changed their behavior?
I think it is a bit sad to confront people with supposedly moral high ground or double standards, when there is positive change in how situations like these are handled.
I'm no tech expert, but my takeaway from this is that companies need more than one system. Systems that do not talk to each other so that if you are hacked, you will lose only some of the data, so in this case, the game would be on one closed system, employee details on another, and then details regarding future games etc., on which actual development has not begun, on another. I do not know how practical that is, or how difficult it would be to have multiple different systems that do not speak to one another, but at the very least, there does seem the need for multi-layered encryption that would prevent access to absolutely everything once a hacker is in.
All that said, I really feel for Insomniac, and in particular the individual employees concerned. It really is an unforgivable intrusion, and I truly hope that the perpetrators are caught and imprisoned...
@dv_xedge Well. We will see how leaks will be handled by those same sites in future. If it is more about "it's Insomniac" or more about "it's morally wrong."
But I digress. I'm interested in those information and there will be always someone who is willing to cover it, so I will read it there. It's not even that hard to access those files for yourself.
@Gunnerzaurus MysticRyan really has been and still is one of the better 'gaming aggregators' that is out there. His longevity is crazy, still watch his LTPS to this day
Putting your personal data on any machine that is connected to the internet is as same as giving announcement into newspaper. I still don't know why people are upset, while their personal data are stolen from beginning?
@PixelDragon Of course I've been... that's why I don't care personal data anymore, because they have been already stolen...
This is shocking but let’s face it anyone on the internet has already passed their personal data unwittingly to any authority that wanted it.
The Orwellian big brother future is now the present sadly.
There's been a lot of misreporting on the leak too. People posting that Rift Apart was a flop because the leak "revealed" it only sold 2 million copies with an $80 million budget, but apparently that data is a projection of the first month sales dating back to 2020.
It's better to do like this site and just not cover the details at all.
@Netret0120 you shouldn't feel safe period. These types of attacks are not always reported. Even companies like McDonald's get infiltrated and you never hear about it at all. Mostly because it isn't worth the time to random, the information is worth more. So the random never happens. Only reason we know anything is because insomniac didn't capitulate to their demands.
As far as personal information goes, a big company like sony has identity theft packages at the ready for this sort of thing. I've been with at least one major publisher that didn't have their ransom publicly known and provided identity theft protection for everyone the minute they were aware for up to 5 years. Some publishers just out right give the protection packages out either as a benefit like insurance to just a free perk straight out as soon as you start. At this point it's expected to happen.
The employee information is also not even all that useful, social security numbers are not stored any where that can be gotten at easily. Phone numbers are already sniffed out with auto dialers and work history is plastered all over the internet. Which just leaves salary and work level. Talk to any software engineer worth their salt and they can tell you that your data is more easily scrapped off the internet than from your employer.
must be tough for a site like push square to have to ignore the information coming out of this hack. There are some VERY newsworthy revelations in there. Some of it I really wish Sony would just be more open about and share publically anyway, regarding sales numbers etc.
@Shepherd_Tallon Yea IGN had no shame on being very specific about what was being leaked.
The leak sucks in some respects for sure, and in other aspects it corroborates some really poor decisions on the corporate strategy front as well as hints at a possible internal war going on for the soul of PlayStation between its studios and the corpos trying to push live service predation and what that means for the near-term future of first party projects.
All of that aside though, this hyper focus on and over dramatization of personal data getting out in the form of simple new hire paperwork like info is a bit absurd. It sucks for sure, but i assure you, nearly everyone's personal info is out in the wild already and bought and sold, by major corporations we are meant to trust, over and over again. It's really not this big deal people are making it out to be, nor are random game devs such a high-profile target that they would be at some ridiculously conceived risk of physical harm over this. Sure it may have caused some inconveniences for them and yes that always sucks.
However, it's not the mountain everyone's pretending this minor bump is. The far more damaging part of the leak is the full story and dev game build of Wolverine being leaked. That is legitimately devastating for Insomniac for sure and i feel for them.
The far more damning info for Sony is the internal admission of ageing foundations and inferior sub svc along with the absurd amount of money being spent on dev of these games and the marvel IP usage. It's insanity.
Definitely don't cover the leaked game details but the info on Sony strategy and financials, as well as release roadmaps (something sony refuses to even vaguely touch on or say anything for that matter) I think are fair game and in many other circumstances have been and/or would be covered by most outlets.
See, the thing is... the more fuss you make about it, the more the hackers will find it worthwhile.
Instead, rejoiced that fans are excited for the great things you got coming. Act like nothing happened and you will devalue what the hackers accomplished. They can't hurt you.
Make a big drama and you empower them. 🤷
Sucks for everyone involved. Hope they're being offered identity protection!
@dv_xedge
I came here to write just that. I feel like I have been poking this site's journalists whenever I felt their standards dropped below professional and it is great to read spoiler free reporting on issues. I read them as warnings.
It makes sense to not repackage stolen data.
Keep fighting the good fight.
"[And do not cross the boundaries into true corruption. (...) 'Cause if you do, one day you will look beneath your work and see the community's angry responses and you will reap/read it; and we will send you towards whatever god, you wish.]
@Sil_Am There's no basis to assume an "inside job". Hundreds if not thousands of companies have been hit ransomware attacks in the last few years. The company I work for was hit in 2021 but we make boring and not especially important business software so no one cared when the hackers tried to sell our info.
Intrusion is usually via network security holes, which many companies have, or social engineering (phishing).
1.7TB of network traffic is not a lot on the scale of a corporation - especially one that would be transferring large game development files all over the place and not necessarily just internally.
The hackers will always hit a company during their night hours so no one is working and you can transfer a lot of data in a just a few minutes from a fast corporate internet connection.
@Netret0120 Once Equifax (one of three credit agencies that pretty much has every single bit of information on anyone capable of applying for credit) got hacked in 2017 all of America had their information stolen. I keep my credit frozen now. The biggest impact would be on international individuals.
@Shepherd_Tallon Love the double standard. When its Sony and bad for business we better not publish anything at all related to the hack. These editors/writers/websites suddenly have some misplaced moral rod up their ass. Where was that same compass when it came to every other hack. Seems to me if you had no problem talking about the recent GT6 hack or Sega hacks then you have no leg to stand on now. To me (an many others) the angle is more of "we better not upset our corporate gaming overlord" then any real stance on the subject that will last beyond this one.
I can 100% can guarantee with upmost certainty when the next hack (no matter the magnitude) that as long as the hack isn't on Sony or a Sony studio these same writers being so sanctimonious now will suddenly revert back to being on top of the story instead of ignoring the matter for some fake stance.
Edit: It is not like they would be reporting actual user info. But there is so much in this hack that is newsworthy and should be investigated further. Well at least real journalists will look into those items.
@KundaliniRising333 Wrong you cover everything. That is very essence of REAL journalism. I am sorry Sony/Insomniac got hacked. But that is on Sony and Insomniac for its weak security. But that doesn't stop the journalistic part of the equation. You seek answers and not run away from them because of some idea it might somebodies' feelings or you think Sony may not be your BFF if you do.
You can feel sorry for the user data issues but that doesn't mean that too isn't a story to investigated as well. Everything is fair game. Either that or any story that is based on info not directly announced by a company should never be written about going forward. Most of these sites/writers/editors would have no articles to present without relying unofficial sources. At least this hack provides official sources not made up, insider references, or rumors.
Leave A Comment
Hold on there, you need to login to post a comment...