Insomniac Employees' Personal Info Made Public In Historic 1.6 Terabyte Leak
19.12.2023 - 10:59
/ thegamer.com
/ Jim Ryan
/ Yuri Lowenthal
A ransomware group hacked Insomniac last week and threatened to sell the data it stole to the highest bidder if Sony didn't pay $2 million in Bitcoin. Seven days later, 1.3 million files are now public, totaling 1.67 terabytes, including the personal information of employees.
As reported by Cyber Daily (via VGC), 98 percent of the hack has been shared as of today. There's key information on the upcoming Wolverine game (including plot details and gameplay footage), as well as internal emails, Slack screenshots, HR documents, a publishing agreement with Marvel, passport scans, Insomniac's slate of games up until 2032, a contract between Marvel and Sony for three X-Men games, signed by Jim Ryan and Isaac Perlmutter, and more.
A personal document tied to Spider-Man actor Yuri Lowenthal is also part of the 98 percent of data that was hacked and then leaked.
Speaking to Cyber Daily, the ransomware group Rhysida said that Insomniac was specifically chosen as "developers making games like this would be an easy target". They claim that the motive was simply to make money, so the data was immediately auctioned to the highest bidder (starting at 50 Bitcoin, which is around $2 million), with Sony invited to take part.
Not all of the data has been made public as not all of the data was sold. It's implied that two percent of the hack was auctioned off to an unknown buyer. It's unclear if the employee passports were included in the leak, or if they were part of the sold data.
1.67 terabytes is a lot of data, equal to 1,670 gigabytes, making this among the biggest leaks in gaming history such as last year's GTA 6 and the two Valve hacks. But already people have begun to sift through the files. The majority are related to Wolverine, with test footage, casting, plot details, cutscenes, and planning being found, but there is also plenty of sensitive, private information included, such as HR documents like I-9 forms and termination documents.
Included in the shared files are the contents of Insomniac employees' entire PCs.
Sony launched an investigation into the hack last week, and Rhysida told Cyber Daily that "It would be better in the backyard". A spokesperson for the group also claims that the hack wasn't difficult to pull off, "We were able to get the domain administrator within 20 to 25 minutes of hacking the network".
No developments in the investigation have been made public and Sony has yet to comment on today's leak.