cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack

Ransomware gang posts developer passports alongside internal screenshots from a yet-to-be-released Wolverine game.

user icon David Hollingworth
Tue, 12 Dec 2023
Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack
expand image

Ransomware operator Rhysida has posted limited data that appears to back up its claim that it has successfully hacked video game developer Insomniac Games.

Insomniac is best known for its two award-winning Spider-Man games and is currently developing a title based on Marvel’s Wolverine.

In fact, some details regarding the upcoming Wolverine game may have been included in the hack, as an annotated screenshot from the game appears to be included in the gang’s proof-of-hack data, along with character art that seems to relate to other Marvel characters that may be featured in the game.


Also included are passport scans that appear to belong to Insomniac employees, including at least one ex-employee who now works at Disney after being laid off by the developer two months ago. Another personal document appears to belong to the voice actor who voiced Peter Parker – aka Spider-Man – in the latest release of the game, Yuri Lowenthal.

Other documents featured as proof-of-hack material include internal emails and signed, confidential documents.

The Rhysida gang is saying Insomniac has seven days before the full data set is published but is also currently running an auction on the data, with a starting price of 50 bitcoins, or just over US$2 million.

“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” Rhysida said on its leak site.

“Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!”

In a widely reported statement, Sony – which owns Insomniac Games – has said it is aware of the incident.

"We are aware of reports that Insomniac Games has been the victim of a cyber security attack," a Sony spokesperson said. "We are currently investigating this situation. We have no reason to believe that any other SIE or Sony divisions have been impacted."

Updated 12/12/23 to add Sony comment.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.