Sony Insomniac hackers leak 1.3 million files — including details on new Wolverine game

A hacker typing quickly on a keyboard
(Image credit: Shutterstock)

In the world of video games, leaks and spoilers normally come from disgruntled developers or those with knowledge about upcoming releases. This time though, a ransomware group has given us an inside look at Marvel’s Wolverine and other games that are currently in development at Insomniac Games.

As reported by Engadget, the Rhysida ransomware group has published 1.3 million files or almost 1.7 terabytes of data stolen from Insomniac Games online. Just a week ago, these cybercriminals hacked into the game developer’s systems and infected them with ransomware.

Following the hack, Rhysida started a public auction on its website for all of this stolen data with the asking price of $2 million in Bitcoin. Unfortunately for the ransomware group though, there weren’t any interested buyers. After the clock on its site ran down, Rhysida then decided to publicly post the stolen data instead. Among these 1.3 million files, there are internal HR documents, screenshots of Slack conversations between employees and more. 

While all these internal documents could certainly be used to launch targeted phishing attacks aimed at Insomniac’s employees and even to commit identity theft, most people will likely be interested in all of the new details we’ve learned about the studio’s upcoming Wolverine game. The files themselves contain details about level design, characters and even screenshots from the game itself. 

Wolverine isn’t the only superhero game in the X-Men universe Insomniac is currently working on though, as a signed publishing agreement between Sony and Marvel has revealed that it is just the first of three X-Men games. The leaked documents also reveal that Sony plans to spend $120 million per game with Wolverine releasing by September 1, 2025. The other two unannounced games will come out in 2029 and 2033, respectively.

Outlook: Ransomware is back in a big way

Ransom being paid in exchange for login credentials to a locked system

(Image credit: Shutterstock)

Although it seemed like ransomware attacks were on the decline last year according to data from Statista, this year they’ve seen a resurgence as cybercriminals are once again hacking into companies’ systems and holding them hostage.

Just like with data breaches though, it isn’t just the companies themselves that feel the brunt of these attacks. While some companies do decide to pay the ransom to get their locked files back, this isn’t recommended as there is no guarantee that the hackers responsible will actually release them. 

Over the past few years though, we’ve seen cybercriminals create their own data leak sites in which they name and shame companies that were unwilling to meet their demands. This usually involves all of the data they’ve stolen being published online which hurts the companies themselves but can also affect their customers. Your personal information could end up being exposed online, even when you haven’t done anything wrong.

Now that cybercriminals are once again turning to ransomware to target large companies like Insomniac Games, we’ll likely see more of these attacks as we go into 2024. While there isn’t much you can do ahead of time, once you do learn that a company you do business with has been hacked or hit with a ransomware attack, you need to be proactive. From changing your password to checking your bank accounts for signs of fraud, these small steps can help prevent you from becoming a victim of fraud or identity theft.

Now that the cat is out of the bag regarding Insomniac’s upcoming X-Men games, we’ll likely hear more about them sooner rather than later. As for the hack itself, Sony will probably look to lock down its first-party studios to prevent more details about the best PS5 games from being leaked early.

More From Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.