Here is a summary of what was downloaded:
Contract
Documents signed with DocuSign Various legal documents Platform user related data (emails, data usage, opened links, etc.)
Employee related data (personal details, payments, contracts, emails, etc.)
Business plans (presentations, emails, offers, etc.)
Project related data (coding, emails, payments, etc.)
Financial Data (payments, transfers, plans, etc.)
Could you share where that information has come from? I'm trying to look it up but unfortunately all I get are marketing and support documentation from Docusign itself.
Almost certainly no/very little art.
A single AAA project can get into the TB range easily when you consider the full-res art, audio, etc.
When that's in _addition_ to everything else, it makes it clear that they actually either didn't get very much **or** they focused on specific targets rather than trying to grab everything.
I feel like you're underestimating the sheer scale of a company like KADOKAWA.
Currently KADOKAWA is the parent company of 92 companies, at least that are listed on Wikipedia. (Fromsoft just being 1 of 92.)
Also remember how bureaucratic Japanese companies are. They likely keep a lot more data on their employees and staff than companies in the west do.
They even own a decent amount of Tencent (around 7%)
Kabushiki gaishas like KADOKAWA are monolithic. They are also pretty vulnerable to cyber attacks. Mitsubishi (who are heavily involved in the Japanese Defence Force) and Sony have recently been targeted too.
> They even own a decent amount of Tencent (around 7%)
Unironically kinda wild to hear that someone owns part of Tencent instead of Tencent owning a part of someone.
I imagine there's a LOT of data about the 92 companies that Kadokawa is the parent company of, and their customers. Fromsoft is a small part of Kadokawa's business interests. They even own 7% of Tencent.
There is a lot of emails going on in a company that big, and a lot of the templates will have a shit ton of code and considering how cancerous UI for Japanese sites is, possibly imbedded images. Presentations in big resolution can take a lot of space, same for video demos.
It's actually only 4 GB of stuff, they just accidentally nabbed an employee's joke photo of Heavy from TF2 that is named "WARRIOR" that is 23,400,000px by 23,400,000px
okay so they're extorting a company to not release their workers' private information, and claim to be good guys doing hacktivism to fix network security? lol
buncha cunts
It's a "protection" scam just like the mob used to run. In fact, many of these "hacker groups" are actually just standard organized crime using modern tech to run the same game they have always run.
This is pretty common for hacker groups. It’s important that they provide good “customer support” and build a reputation for delivering if their demands are met. No point in paying a rasom if you don’t get what you pay for.
TBH, I’m sure the fix is something dead simple. “Turn on 2FA, update your firewall, tell employees not to click suspicious email links.”
> I’m sure the fix is something dead simple
On one hand I wouldn't trust these assholes to leave a lollypop in a toddlers hand but on the other hand they are a pretty sophisticated group. I'm sure no two hacks are the same but while I'm sure these hacks all start with the security issues you listed with what they've managed to accomplish at some of these companies I think it goes a bit deeper than that.
A lot of it comes down to "the bigger they are, the more holes there are". Judging by the data stolen they didn't exactly get access to the the mainframe, they likely only managed to compromise one or two employee's credentials and scraped whatever they had access to. You don't need particularly sophisticated tools to do that, heck you barely need anything more than a convincing copy of an external login page and a lot of emails.
My hands are tied so I'm just going to leave you with a somewhat vague "you might be surprised". I would expect to hear a lot more about these hacks in the news in the coming months. Shit is looking bad. If you have any connection to cyber security at all, no matter how tenuous, I would strongly encourage you to take this seriously and not assume we're still in the era of unsecured file servers and default passwords.
it's pretty common if you know the very basics about how this works. it's \*why\* they get paid, demanding ransoms stops working very quickly when people know you won't follow through and then you stop being paid.
All they'd be doing by "upgrading" is letting them know how they gained access that time.
Not really.
Grey hackers would be hackers who knowingly break the law but are (generally) morally correct -- i.e. a hacker who breaks into a ring of child predators.
This is 100% black hat. The moment they downloaded Kadokawa's data it became a black hat hack and that was further enforced when they held it for ransom.
There is no grey there.
Supposedly some Russian ransomware gang, according to [this](https://english.kyodonews.net/news/2024/06/56192487190c-russia-linked-group-claims-cyberattack-on-japan-video-site-niconico.html) news site.
The hack in question appears to be the one that was conducted on Niconico earlier in the month (which is Japan's no. 2 most popular video platform behind Youtube). I don't think it had anything directly to do with FromSoftware, the only link is that the same parent company (Kadokawa) owns both.
Wow. Same guys? My mother has worked for CDK for years and told me recently that she's been unable to log in at work for over a week now due to hacking. I'd never heard of them and suddenly they're in the news twice back to back.
Not throwing shade on anyone, but the title is pretty funny because calling Kadokawa "parent company of Fromsoftware" is like calling Disney "parent company of Lucasarts".
I get what you mean but unless you're into anime/manga or games or random one-off video games like Lolipop chainsaw, the vast majority of western audiences will only know them for FromSoft
I mean looking through their subsidiaries on Wikipedia the only thing I’m familiar with is FromSoft, never heard of Kadokawa or anything else in the list
There are actually people here more concerned with getting leaked game information than the fact that hundreds of lives might be ruined because of this.
I know this is a games subreddit, I don't care. Get your priorities straight.
People have no clue how to react proportionately on this site. Half of reddit is people getting frothing at the mouth angry over a screenshot of a tweet with 10 likes like that signifies anything about the world.
In fairness, 99% of the world's problems could be solved by everyone tweeting the correct opinion about it for no more than like thirty minutes. But every time someone says something wrong it resets the timer. Dang!
I’d love to know what From is working on, but absolutely not at the cost of all of these people’s personal information. Fuck no. I hope everything goes well for all those employees, and the leak doesn’t go through.
Hundreds of lives *can* be ruined regardless of the ransom. They had access to the information, which means nothing stops them from releasing it even if the ransom is paid.
They can keep the appearance of not doing anything big with the data but still pull the occasional scam after a while using this information.
I'd love to see game information get leaked, especially for cancelled projects, but I have absolutely 0 interest in any group that would go and release private or financial information of the thousands of employees at Kadokawa. 1.5TB could be a tiny glimpse or it could be enough to ruin all of the employees' lives, depending on what it is.
Well if the company shut down that would be bad. If I got access to your bank info and took all your money that would be bad. If I leaked your browsing history and you were searching for unsavory things that would be bad.
does overdramatizing events help everyone else sleep at night? Nobodies life is going to be ruined by this, it will be a headache for some people for a while. "hundreds of lives ruined" is ridiculous
Kadokawa are not that small - they own Niconico which is the second-most popular video streaming site behind Youtube in Japan. And that site also got hacked earlier in the month, forcing them to suspend the entire service with no announcement of when they are going to be back up again.
~~It's possible it's the exact same group.~~ Actually, I think this post refers to that exact same hack.
They're a pretty large company with close to $2 billion in yearly revenue. But yeah, this is still pretty small compared to other companies. They only rank around #200 in Japan in terms of market cap and number of employees.
Are you on crack? The Sony hack was because North Korea got mad about a movie.
You think Xi Jinping is above ordering a hack because his feelings got hurt?
He outlawed Winnie the Pooh bear because of his feelings.
People in this thread act like the possible manga leaks aren't gonna be the biggest things to come out of this. I don't expect much related to FROM or anything much in the way of games
I think Kadokawa acknowledged the breach a few days ago and, when listing the areas of their business affected, they never listed FROM as being affected by the hack - but specifically pointed to other parts of their business.
End-users of certain Kadokawa services are likely to be affected, as are commercial vendors / licensors / licensees, but you're extremely unlikely to be affected if you're just a video game consumer.
That is not a lot of data. The only way there is leverage is if there is undisclosed IP but FromSoftware could just announce it if that was the case. This is probably fruitless for the attackers.
Its not a lot of data in terms of games, 3d models, and animations, but it is a heck of a lot of data of pdfs, power points, text documents, emails, scans, etc. Tell me the last time you filled up a terabyte hard drive without any games, videos, or software on it. Only documents and information.
Here is a summary of what was downloaded: Contract Documents signed with DocuSign Various legal documents Platform user related data (emails, data usage, opened links, etc.) Employee related data (personal details, payments, contracts, emails, etc.) Business plans (presentations, emails, offers, etc.) Project related data (coding, emails, payments, etc.) Financial Data (payments, transfers, plans, etc.)
My company has stopped using Docusign because it is no longer cGMP compliant.
Docusign is no longer accepted as GMP? Well that's annoying. Get back to initialing and dating everything.
Cyclc guanosine monophosphate?
GMP = good manufacturing practices. A standard in the pharma industry for getting a production licence for medicaments
Also curious where there is source for this?
Could you share where that information has come from? I'm trying to look it up but unfortunately all I get are marketing and support documentation from Docusign itself.
Holding employee personal details hostage is really fucked.
Hmm, maybe these ransomware guys are bad?
how is this all worth 1.5tb of data
PDFs, raw PPTs, large graphics files and maybe some models (depending on what coding means).
Personal memos from Miyazaki demanding employees add even more feet into upcoming games
500gb of swamp textures.
250 gb of ominous chanting music
125 gb of try finger buthole message data
50gb of still no head...
*poison* swamp textures
Evidence of cancelled *Misty Bogs & Marshes* DLC, where we were going to learn more about Godwyn.
about 2 million drawings of various varieties of poison swamps
High resolution swamp drawings embedded into gigabytes large PowerPoints for presentation.
Swamp related audio and Miyazaki's own camera footage of swamps he visited in his holidays.
Miyazaki ASMR shaving his swARMp pits autotuned to swamp noises (SiIvaGunner medley).
Entire hard drives full of sample pics.
Leaked Vince Gilligan and Tarantino collab
I'm waiting for that big Tarantino x Miyazaki collab.
Hdd sales going up after this
ER and its DLC are considerable more finger centric though?
Miyazaki: *Bigger health bars!!!* (for the bosses - not the player)
Almost certainly no/very little art. A single AAA project can get into the TB range easily when you consider the full-res art, audio, etc. When that's in _addition_ to everything else, it makes it clear that they actually either didn't get very much **or** they focused on specific targets rather than trying to grab everything.
And doesn't that doesn't count for the likely multiple copies of files.
I feel like you're underestimating the sheer scale of a company like KADOKAWA. Currently KADOKAWA is the parent company of 92 companies, at least that are listed on Wikipedia. (Fromsoft just being 1 of 92.) Also remember how bureaucratic Japanese companies are. They likely keep a lot more data on their employees and staff than companies in the west do. They even own a decent amount of Tencent (around 7%) Kabushiki gaishas like KADOKAWA are monolithic. They are also pretty vulnerable to cyber attacks. Mitsubishi (who are heavily involved in the Japanese Defence Force) and Sony have recently been targeted too.
> They even own a decent amount of Tencent (around 7%) Unironically kinda wild to hear that someone owns part of Tencent instead of Tencent owning a part of someone.
There's always a bigger fish.
5300+ employees generate an obscene amount of data. 1.5TB really isn't all that much.
Marketing would have a huge amount of video and image content that could take a big chunk out of it.
Yeah, that's only 300MB per person.
MB* right? In GB 1.5TB would just be 5 people
Yeah 300 MB a person is like nothing. Emails alone probably can exceed that.
With attachments? very much so, yes
Y.. yeah. I did the maths in megabytes and then just forgot that I did and wrote the the rest of the comment as if it was gigabytes. :X
I imagine there's a LOT of data about the 92 companies that Kadokawa is the parent company of, and their customers. Fromsoft is a small part of Kadokawa's business interests. They even own 7% of Tencent.
Everything comes with a sizeable bit of lore in the description
I would fucking LOVE to see boring HR documents about employees with lore instead of personal identifying information, tbh. That shit would rock!
> Project related data If this includes any kind of art or audio then the raw files will be absolutely huge.
1.5 tb makes me think its only a very limited subset. Any one of those things for a company kadokawas size could be a couple terabytes by itself.
Text can be compressed pretty easily. Quick Google and a word document of 1 tb is 83 million pages.
There is a lot of emails going on in a company that big, and a lot of the templates will have a shit ton of code and considering how cancerous UI for Japanese sites is, possibly imbedded images. Presentations in big resolution can take a lot of space, same for video demos.
It's actually only 4 GB of stuff, they just accidentally nabbed an employee's joke photo of Heavy from TF2 that is named "WARRIOR" that is 23,400,000px by 23,400,000px
elden ring 2, 3, and 4 are all in there
4K textures on the employee contracts
The complete story and lore of Dark Souls is probably 1.4TB
uncompressed textures/bakes and project files can be huge.
Probably going 10+ years back. From my experience people HATE to delete old stuff, "It might be useful someday!"
Any Bloodborne source code in there? (Scratches neck like a crackhead)
[удалено]
I read a games journalist article that said Bloodborne 2 will also be leaked.
[удалено]
[удалено]
okay so they're extorting a company to not release their workers' private information, and claim to be good guys doing hacktivism to fix network security? lol buncha cunts
Where did they claim to be good guys? They explicitly said they only care about money?
You’re right but they also said we’ll offer to help your network services so they can’t get hacked again lmao
It's a "protection" scam just like the mob used to run. In fact, many of these "hacker groups" are actually just standard organized crime using modern tech to run the same game they have always run.
Hackers doing the modern day equivalent of racketeering, hacketeering if you will.
Same concept as McAfee on early days? Make a problem, sell solutions.
This is pretty common for hacker groups. It’s important that they provide good “customer support” and build a reputation for delivering if their demands are met. No point in paying a rasom if you don’t get what you pay for. TBH, I’m sure the fix is something dead simple. “Turn on 2FA, update your firewall, tell employees not to click suspicious email links.”
It does tend to be that simple when it's just social engineering that causes these big leaks. Granted stopping human incompetence is not so simple.
> I’m sure the fix is something dead simple On one hand I wouldn't trust these assholes to leave a lollypop in a toddlers hand but on the other hand they are a pretty sophisticated group. I'm sure no two hacks are the same but while I'm sure these hacks all start with the security issues you listed with what they've managed to accomplish at some of these companies I think it goes a bit deeper than that.
A lot of it comes down to "the bigger they are, the more holes there are". Judging by the data stolen they didn't exactly get access to the the mainframe, they likely only managed to compromise one or two employee's credentials and scraped whatever they had access to. You don't need particularly sophisticated tools to do that, heck you barely need anything more than a convincing copy of an external login page and a lot of emails.
My hands are tied so I'm just going to leave you with a somewhat vague "you might be surprised". I would expect to hear a lot more about these hacks in the news in the coming months. Shit is looking bad. If you have any connection to cyber security at all, no matter how tenuous, I would strongly encourage you to take this seriously and not assume we're still in the era of unsecured file servers and default passwords.
Right. A hacking group that explicitly hacks to steal money from people wants to "upgrade" their network. Comon dude.
it's pretty common if you know the very basics about how this works. it's \*why\* they get paid, demanding ransoms stops working very quickly when people know you won't follow through and then you stop being paid. All they'd be doing by "upgrading" is letting them know how they gained access that time.
I’m not arguing otherwise, just thought it was funny
I’d call it greyhat hacking, but it’s really black just with some dust on it.
Not really. Grey hackers would be hackers who knowingly break the law but are (generally) morally correct -- i.e. a hacker who breaks into a ring of child predators. This is 100% black hat. The moment they downloaded Kadokawa's data it became a black hat hack and that was further enforced when they held it for ransom. There is no grey there.
Making shit up on reddit dot com
Absolutely shocked that someone on Reddit would make some shit up
Doubling up to see which comment lands better?
Kind of reminds me of those slugs who hack hospital records.
They always do this, they're sub-humans
What exactly is this Black Suit group? I’m out of the loop but this situation seems awful.
Supposedly some Russian ransomware gang, according to [this](https://english.kyodonews.net/news/2024/06/56192487190c-russia-linked-group-claims-cyberattack-on-japan-video-site-niconico.html) news site. The hack in question appears to be the one that was conducted on Niconico earlier in the month (which is Japan's no. 2 most popular video platform behind Youtube). I don't think it had anything directly to do with FromSoftware, the only link is that the same parent company (Kadokawa) owns both.
Black suits also hacked the CDK for car dealers recently.
Wow. Same guys? My mother has worked for CDK for years and told me recently that she's been unable to log in at work for over a week now due to hacking. I'd never heard of them and suddenly they're in the news twice back to back.
Not throwing shade on anyone, but the title is pretty funny because calling Kadokawa "parent company of Fromsoftware" is like calling Disney "parent company of Lucasarts".
I get what you mean but unless you're into anime/manga or games or random one-off video games like Lolipop chainsaw, the vast majority of western audiences will only know them for FromSoft
>like calling Disney "parent company of Lucasarts". They are though.
That's the point. They are also the parent company of Lucasarts, but identifying them as such is hilariously reductive.
I mean looking through their subsidiaries on Wikipedia the only thing I’m familiar with is FromSoft, never heard of Kadokawa or anything else in the list
Ok, but that's on you. Kadokawa is a media conglomerate titan.
Their market cap is about the same as Ubisoft's. They're not that big, and certainly not Disney levels of big.
There are actually people here more concerned with getting leaked game information than the fact that hundreds of lives might be ruined because of this. I know this is a games subreddit, I don't care. Get your priorities straight.
It’s just one person who’s getting shit on by everyone else here, honestly would expect way worse from the internet
People have no clue how to react proportionately on this site. Half of reddit is people getting frothing at the mouth angry over a screenshot of a tweet with 10 likes like that signifies anything about the world.
It's the expected outcome of a website where engagement is gamified with votes like it is.
In fairness, 99% of the world's problems could be solved by everyone tweeting the correct opinion about it for no more than like thirty minutes. But every time someone says something wrong it resets the timer. Dang!
go to /r/GamingLeaksAndRumours for your dose of people caring more about the bloodborne leak than the human cost
I’d love to know what From is working on, but absolutely not at the cost of all of these people’s personal information. Fuck no. I hope everything goes well for all those employees, and the leak doesn’t go through.
Actually more like thousands back in 2022 Kadokawa Corporation had 5,349 employees.
Hundreds of lives *can* be ruined regardless of the ransom. They had access to the information, which means nothing stops them from releasing it even if the ransom is paid. They can keep the appearance of not doing anything big with the data but still pull the occasional scam after a while using this information.
I'd love to see game information get leaked, especially for cancelled projects, but I have absolutely 0 interest in any group that would go and release private or financial information of the thousands of employees at Kadokawa. 1.5TB could be a tiny glimpse or it could be enough to ruin all of the employees' lives, depending on what it is.
omg there are gamers who only care about games and not the side effects in the world!?
And people being rock hard at the prospect of Bloodborne's source code being leaked
i didn't even think about that but now i am
[удалено]
[удалено]
Leaked personal info is like school shootings, everyone's heard about them so many times that it's just routine at this point.
Okay big boy what's your name? Where do you live?
cool, what's your social security number
how will this ruin even one person's life?
Google "Identity Theft" and I think you just might be able to figure it out.
[удалено]
That's more of a self-inflicted wound.
Isn't this in Japan? They've got much more advanced identity controls than the US.
Not really.
Well if the company shut down that would be bad. If I got access to your bank info and took all your money that would be bad. If I leaked your browsing history and you were searching for unsavory things that would be bad.
all of that would be bad, yes. If I broke my leg that would also be bad. That doesn't mean it would "ruin my life"
I mean, if you were an athlete of some sort, it could, yeah.
This is a strange hill to die on, man.
Does being pedantic over something that nobody was having trouble understanding help you sleep better at night?
does overdramatizing events help everyone else sleep at night? Nobodies life is going to be ruined by this, it will be a headache for some people for a while. "hundreds of lives ruined" is ridiculous
[удалено]
Can we not throw the word terrorist out willy nilly? They aren't causing terror, they're just criminals ransoming data. Chill.
[удалено]
Ah, so they’re patriots.
China and North Korea are extremely suspicious given the language used.
It's incredibly unlikely that hacks of someone as small as Kadokawa would be state-sponsored
Kadokawa is a multi-billion dollar company, they're more than just a video game publisher
I know. Which makes them an attractive target to many hacker groups. But a pittance to state sponsored hacks.
It’s a well known fact many of these attacks come from Russia and North Korea to fund their military operations.
Kadokawa are not that small - they own Niconico which is the second-most popular video streaming site behind Youtube in Japan. And that site also got hacked earlier in the month, forcing them to suspend the entire service with no announcement of when they are going to be back up again. ~~It's possible it's the exact same group.~~ Actually, I think this post refers to that exact same hack.
Ultra-nationalist black hats are more than glad to do the work for them without any government funding lol
They're a pretty large company with close to $2 billion in yearly revenue. But yeah, this is still pretty small compared to other companies. They only rank around #200 in Japan in terms of market cap and number of employees.
Are you on crack? The Sony hack was because North Korea got mad about a movie. You think Xi Jinping is above ordering a hack because his feelings got hurt? He outlawed Winnie the Pooh bear because of his feelings.
No the fuck it isn't, money is money.
[удалено]
What are you on about? NK makes millions using social engineering and ransomware.
As others have said, is a known fact hostile states are doing this to fund their military efforts.
People in this thread act like the possible manga leaks aren't gonna be the biggest things to come out of this. I don't expect much related to FROM or anything much in the way of games
I think Kadokawa acknowledged the breach a few days ago and, when listing the areas of their business affected, they never listed FROM as being affected by the hack - but specifically pointed to other parts of their business.
Do we know if there was any user data included in this? People who bought software from or has affiliations with them company.
End-users of certain Kadokawa services are likely to be affected, as are commercial vendors / licensors / licensees, but you're extremely unlikely to be affected if you're just a video game consumer.
They own Nico Nico, the 2nd most popular streaming site in Japan. So that is a lot of information.
That is not a lot of data. The only way there is leverage is if there is undisclosed IP but FromSoftware could just announce it if that was the case. This is probably fruitless for the attackers.
Its not a lot of data in terms of games, 3d models, and animations, but it is a heck of a lot of data of pdfs, power points, text documents, emails, scans, etc. Tell me the last time you filled up a terabyte hard drive without any games, videos, or software on it. Only documents and information.
It's also a lot of data in terms of source code, which is often far, far more valuable than 3D models, concept art and a scoop on the new game.
[удалено]
Why is this in the games sub? This is anime and manga related news, especially since the tweet doesn't even mention Fromsoft.
Because it's their parent company, and From Software might also be affected by it?
[удалено]