Renowned video game developer Insomniac Games fell victim to a crippling ransomware attack on December 12, as the hacker group Rhysida leaked 1.67 terabytes of stolen data.
The cyber assault targeted the studio responsible for the widely acclaimed Spider-Man 2 game. Rhysida had demanded a ransom of 50 bitcoins, equating to $2 million, for the secure return of the data, according to Polygon. Failing to secure payment, the ransomware group proceeded to post the extensive data trove on its darkweb site.
Massive Data Breach
The leaked data, spanning an extensive 1.3 million files, includes critical information regarding Insomniac's highly anticipated Wolverine game, slated for future release. The breach also exposes the studio's comprehensive release slate for the next 12 years, encompassing sensitive commercial and strategy documents, Slack screenshots, and personnel files.
In correspondence with Rhysida via email, Cyber Daily revealed that only 98% of the full data set was uploaded, with the remaining files purportedly sold by the ransomware group. The breach surpasses the impact of last year's Grand Theft Auto 6 hack, encompassing a broader scope of data. The compromised files, disseminated widely on platforms such as Reddit and Imgur, unveil the full plot and cast of Wolverine, along with gameplay and animation videos, game files, and design documents for the unreleased Marvel game.
Moreover, the leaked data delves deep into Insomniac's plans, outlining a projected slate through 2035. This includes plans for future Spider-Man and Ratchet & Clank games, a new intellectual property launch, and an apparent extension of Wolverine into an ongoing series of X-Men games. The breach also exposes plans for a suite of online games based on Insomniac's Marvel superhero properties, though these documents may be subject to change.
Read Also: Google Settles Antitrust Case for $700 Million, Commits to Fair Play Store Practices
Hackers Target Video Game Developers
While the extent of personal data from Insomniac employees remains unclear, the leaked files include internal HR documents, Slack screenshots, and potentially the contents of several employees' computers. The release has raised concerns about the potential inclusion of passport images, as seen in Rhysida's previous screenshots.
Rhysida's spokesperson asserted that the primary motive behind the hack was financial gain, characterizing game developers like Insomniac as "easy targets." The spokesperson claimed the breach was a relatively simple process, taking the hacking team a mere "20-25 minutes" to gain access to the domain administrator.
In response to the cyberattack, Sony issued a statement last week, acknowledging the situation and affirming an ongoing investigation. The statement indicated that there is no evidence suggesting the impact extended to other divisions within Sony Interactive Entertainment, per Gizmodo.
Rhysida has been linked to a series of cyber attacks in 2023, targeting entities such as the British Library, healthcare companies, and purportedly international government organizations. The group's history includes the arrest of hackers responsible for the massive 2020 Capcom attack and the 2022 Rockstar Games hack, which led to the apprehension of two teens in the United Kingdom.
According to IGN, cyberattacks on the video game industry have become more frequent in recent years; significant breaches have affected firms such as Capcom and Rockstar Games.
Related Article: Mr. Cooper Cyberattack Exposes Personal Data of 14.6 Million Mortgage and Loan Customers
