| View previous topic :: View next topic |
| Author |
Message |
|
|
|
Cypher997
Joined: 08 Apr 2025
Posts: 192
|
Posted: Mon Nov 03, 2025 5:48 pm |
|
|
|
Whenever a large company like Insomniac Games or Viz Media gets hacked, it points to them being complacent in their cybersecurity practices. That complacency ends up costing them with their employees personal information being out in the wild. Hopefully, the higher ups at Viz Media are taking the most appropriate actions so it doesn't occur again.
|
| Back to top |
|
|
|
mdo7
Joined: 23 May 2007
Posts: 8241
Location: Katy, Texas, USA
|
Posted: Mon Nov 03, 2025 6:46 pm |
|
|
|
|
| Back to top |
|
|
|
|
SilverTalon01
Joined: 02 Apr 2012
Posts: 2450
|
Posted: Mon Nov 03, 2025 8:18 pm |
|
|
How do you have both this:
| Quote: | | The hackers claimed to have stolen e-mails, non-disclosure agreements (NDAs), licensing agreements, employee credentials, future business plans, employee social security numbers, invoices, and royalty statements. |
And this:
| Quote: | | The news outlet added the hackers likely gained access to a single person's account. |
Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts?
|
| Back to top |
|
|
|
|
HereforUpdates
Joined: 23 Oct 2024
Posts: 24
Location: Florida
|
Posted: Mon Nov 03, 2025 8:21 pm |
|
|
| SilverTalon01 wrote: | How do you have both this:
| Quote: | | The hackers claimed to have stolen e-mails, non-disclosure agreements (NDAs), licensing agreements, employee credentials, future business plans, employee social security numbers, invoices, and royalty statements. |
And this:
| Quote: | | The news outlet added the hackers likely gained access to a single person's account. |
Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts? |
Sounds like someone like having global access to things
|
| Back to top |
|
|
|
Mikan-box Glasses-kun
Joined: 21 Apr 2023
Posts: 95
|
Posted: Mon Nov 03, 2025 8:40 pm |
|
|
| SilverTalon01 wrote: | | Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts? |
The article states that it was a senior executive that fell victim to social engineering, meaning that just one account had access to all of those things.
|
| Back to top |
|
|
|
Glordit
Joined: 11 Sep 2020
Posts: 1203
|
Posted: Mon Nov 03, 2025 9:16 pm |
|
|
|
"Hey it's Jeff from accounting, what's your password again? I forgot mine and Cyber security is out of the office and I need to access some accounts"
|
| Back to top |
|
|
|
|
Jeff Bauersfeld
Joined: 07 Dec 2015
Posts: 116
|
Posted: Tue Nov 04, 2025 6:29 am |
|
|
| SilverTalon01 wrote: | How do you have both this:
| Quote: | | The hackers claimed to have stolen e-mails, non-disclosure agreements (NDAs), licensing agreements, employee credentials, future business plans, employee social security numbers, invoices, and royalty statements. |
And this:
| Quote: | | The news outlet added the hackers likely gained access to a single person's account. |
Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts? |
Sounds like Viz didn't segregate duties, so one senior executive had access to all that info, whether they directly had access to it like through reports, or they had administrative access and the hacker was able to laterally move through the system to somewhere they could access that info.
|
| Back to top |
|
|
|
|
SilverTalon01
Joined: 02 Apr 2012
Posts: 2450
|
Posted: Tue Nov 04, 2025 6:06 pm |
|
|
| Mikan-box Glasses-kun wrote: | | SilverTalon01 wrote: | | Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts? |
The article states that it was a senior executive that fell victim to social engineering, meaning that just one account had access to all of those things. |
Um, I think you're misunderstanding how responsible organizations operate. There is no reason for a senior executive to have access to all of that. The cited items include legal agreements, security credentials, and HR data. Those things are very different, and the second one in itself is a wtf. An executive account has access to grab employee credentials? Why? Typically senior executives do have access to sensitive information, but they typically have less system access to things like HR databases and credential vaults. So yeah, none of what you said is a reasonable explanation whatsoever.
| Jeff Bauersfeld wrote: | | Sounds like Viz didn't segregate duties, so one senior executive had access to all that info, whether they directly had access to it like through reports, or they had administrative access and the hacker was able to laterally move through the system to somewhere they could access that info. |
Right. So either they run Viz like a mom and pop shop, or in your second option, it wasn't a single account. The idea of some Viz exec reading through a report of employee credentials and reacting that 1234 was the same password they used for their luggage amuses me. I think I've found my head canon.
|
| Back to top |
|
|
|
Greed1914
Joined: 28 Oct 2007
Posts: 5384
|
Posted: Wed Nov 05, 2025 11:11 am |
|
|
| SilverTalon01 wrote: | | Mikan-box Glasses-kun wrote: | | SilverTalon01 wrote: | | Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts? |
The article states that it was a senior executive that fell victim to social engineering, meaning that just one account had access to all of those things. |
Um, I think you're misunderstanding how responsible organizations operate. There is no reason for a senior executive to have access to all of that. The cited items include legal agreements, security credentials, and HR data. Those things are very different, and the second one in itself is a wtf. An executive account has access to grab employee credentials? Why? Typically senior executives do have access to sensitive information, but they typically have less system access to things like HR databases and credential vaults. So yeah, none of what you said is a reasonable explanation whatsoever.
| Jeff Bauersfeld wrote: | | Sounds like Viz didn't segregate duties, so one senior executive had access to all that info, whether they directly had access to it like through reports, or they had administrative access and the hacker was able to laterally move through the system to somewhere they could access that info. |
Right. So either they run Viz like a mom and pop shop, or in your second option, it wasn't a single account. The idea of some Viz exec reading through a report of employee credentials and reacting that 1234 was the same password they used for their luggage amuses me. I think I've found my head canon. |
Yeah, it makes sense that the higher up someone is the more likely they are to have use for that information or need to be able to see it, but that doesn't have to mean they need direct access for exactly this type of reason. The payroll department would need SSNs for taxes, but the boss doesn't need to access those to know what is going on with payroll, for example.
I certainly understand how annoying it is to have to separate credentials or wait for someone to come in before you can ask them to help you with it, but it can be the difference between someone getting access to some data or all of it.
|
| Back to top |
|
|
|
|