Insomniac Games, the game studio behind many popular PlayStation exclusive titles like Marvel’s Spider-Man and the upcoming Marvel’s Wolverine, was recently targeted in a cyberattack by the Rhysida ransomware gang.
The hackers claimed to have stolen over 1.6TB of sensitive corporate data from Insomniac's internal systems. After the studio failed to pay ransom, Rhysida leaked all 1.6TB of the data on their dark web site just before the Christmas holidays.
Below, we have explained what happened and what sort of data has been compromised as a result of the leak.
Employee Data and Details on Unreleased Games Exposed
The leaked data encompasses over 1.3 million confidential company files - everything from revealing game development documentation to employee personal details. Industry peers like Remedy Entertainment have spoken out on X (formerly known as Twitter) against the hack, calling the public exposure of private corporate information “truly disgraceful and shameful.”
According to those who have reviewed the leaked data, it contains extensive confidential documentation and assets related to Insomniac's work on upcoming major game releases. Most notably, it includes internal presentations and plans around development of future Marvel comics universe titles beyond Spider-Man and Wolverine.
The data leak also contains personally identifying information about the employees of the game studio, such as their personal contacts, passwords, financial information, and even performance reviews. This is, of course, a major breach of the employees’ privacy and could lead to fraud and phishing attacks.
Rhysida Group Set the Ransom at 50 Bitcoins
The Rhysida group initially demanded 50 bitcoins (around $2 million dollars) from Insomniac to not publish the hacked data, which the studio refused to pay. It’s unclear as of yet how the game studio was hacked, but in the past Rhysida has breached companies’ privacy by using stolen passwords and phishing emails, and then subsequently encrypting the victim’s computer.
While the group is relatively new, it has already made a name for itself. Rhysida was also responsible for the cyberattack on the British Library earlier in November.
By brazenly leaking the stolen data, including years of work by hundreds of developers, the hackers have added Insomniac to the growing list of major entertainment studios impacted by cybersecurity threats. Both Sony and Insomniac have yet to issue an official statement on the data breach, ongoing threats, or prevention efforts against future attacks.
Investigations Ongoing, Studio Faces Months of Disruption
While many of us will be enjoying the Christmas holidays and spending time with our families, Insomniac Games confronts the challenge of addressing the aftermath of a data breach. It’s likely that their main priority will be supporting and protecting their employees whose personal information has been leaked as a result of the attack.
Ransomware attacks are becoming increasingly common in today’s world and that’s why it’s so important for everyone to learn how to safeguard their personal information. By educating their employees and adopting strong cybersecurity measures, companies can greatly reduce the risk of falling victim to such attacks.