First, Rockstar Games Got Hacked, Then Sony's Insomniac, and Now Ubisoft… Who's Next?

It's not like these hackers are vigilantes, exposing world domination plans companies keep under lock and key in a special drawer. They're self-serving digital thieves that steal data and, in turn, ask for ransom. Hence, the term ransomware.

One such criminal organization that's a far cry from Robin Hood's myth of "rob from the rich and give to the poor" is Lapsus$. During their criminal career, they managed to hack Nvidia, BT/EE (British national mobile network operator and ISP), Uber, and Revolut (digital bank).

They didn't stop there, because in September 2022, they hacked Rockstar Games, releasing over 90 videos and other types of footage of GTA VI while it was still in the development phase. The main culprit behind these attacks was Arion Kurtaj, an 18-year-old.

After a year of trials and examinations, the court found him guilty and recently sentenced Kurtaj to an "indefinite hospital order," reported Joe Tidy, a BBC News journalist. This is in light of his recent psychiatric evaluation, where Kurtaj said he wouldn't stop the hacks once he would have gotten out.

More recently, in December 2023, Insomniac Games, a Sony 1st party company, was also hacked. The data was held as ransom for $2 million worth of Bitcoin. Similar to what happened to GTA 6, Insomniac data was also made public a few days ago, at the time of writing.

Footage from Insomniac's upcoming Wolverine game is plastered all over social media, along with a lot of documents filled with game sales statistics, company future plans, upcoming titles, and things of this sort. In fact, playable development builds of Wolverine have been downloaded and used by people, even on Xbox consoles.

Sony is trying to control the damage by getting help from Internet Service Providers, which would identify those who have downloaded files from Insomniac.

Currently, the company released a statement saying, "This experience has been extremely distressing for us. We want everyone to enjoy the games we develop as intended and as our players deserve. However, like Logan… Insomniac is resilient. Marvel's Wolverine continues as planned."

From what the studio is saying, it seems like development hasn't been impacted in such a way that a delay is warranted. But this hack could have chronic effects in the long run. Especially because personal employee information has also been leaked, which could have dire consequences for all those people working there.

Not even a week after this announcement, on December 20, Ubisoft apparently also went through a hacking attempt, reports user "vxunderground" on Twitter/X. They said the "Threat Actor" tried to get hold of 900GB of data but lost access.

Furthermore, it appears that the hacker had access to Ubisoft for 48 hours until their rights were revoked for suspicious activity. Fortunately, the Assassin's Creed and The Crew Motorfest publishers got a handle on things before they got messy.

This wave of recent attacks could be just the tip of the iceberg. There are a lot more cases of ransomware that we don't even hear about. How cybersecurity will improve for gaming companies in the future remains to be seen.

Let's not forget the PlayStation Network outage of 2011, when hackers compromised not only the PlayStation Network, but also 77 million accounts across PS3 and portable devices from that time.

December 20th an unknown Threat Actor compromised Ubisoft. The individual had access for roughly 48 hours until administration realized something was off and access was revoked.

They aimed to exfiltrate roughly 900gb of data but lost access.

— vx-underground (@vxunderground) December 22, 2023