Do you have time to answer a really short survey for us ?
(5 questions; 35s to answer on average
Yes    I'll do it later    No

Forum - View topic
NEWS: Hackers Claim Breach of Senior Employee Account at Viz Media




Note: this is the discussion thread for this article

Anime News Network Forum Index -> Site-related -> Talkback
View previous topic :: View next topic  
Author Message
Cypher997



Joined: 08 Apr 2025
Posts: 192
PostPosted: Mon Nov 03, 2025 5:48 pm Reply with quote
Whenever a large company like Insomniac Games or Viz Media gets hacked, it points to them being complacent in their cybersecurity practices. That complacency ends up costing them with their employees personal information being out in the wild. Hopefully, the higher ups at Viz Media are taking the most appropriate actions so it doesn't occur again.
Back to top
View user's profile Send private message
mdo7



Joined: 23 May 2007
Posts: 8241
Location: Katy, Texas, USA
PostPosted: Mon Nov 03, 2025 6:46 pm Reply with quote
Oh no, not again!!!
Back to top
View user's profile Send private message Visit poster's website My Anime My Manga
SilverTalon01



Joined: 02 Apr 2012
Posts: 2450
PostPosted: Mon Nov 03, 2025 8:18 pm Reply with quote
How do you have both this:

Quote:
The hackers claimed to have stolen e-mails, non-disclosure agreements (NDAs), licensing agreements, employee credentials, future business plans, employee social security numbers, invoices, and royalty statements.


And this:

Quote:
The news outlet added the hackers likely gained access to a single person's account.


Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts?
Back to top
View user's profile Send private message
HereforUpdates



Joined: 23 Oct 2024
Posts: 24
Location: Florida
PostPosted: Mon Nov 03, 2025 8:21 pm Reply with quote
SilverTalon01 wrote:
How do you have both this:

Quote:
The hackers claimed to have stolen e-mails, non-disclosure agreements (NDAs), licensing agreements, employee credentials, future business plans, employee social security numbers, invoices, and royalty statements.


And this:

Quote:
The news outlet added the hackers likely gained access to a single person's account.


Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts?


Sounds like someone like having global access to things
Back to top
View user's profile Send private message Visit poster's website
Mikan-box Glasses-kun



Joined: 21 Apr 2023
Posts: 95
PostPosted: Mon Nov 03, 2025 8:40 pm Reply with quote
SilverTalon01 wrote:
Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts?

The article states that it was a senior executive that fell victim to social engineering, meaning that just one account had access to all of those things.
Back to top
View user's profile Send private message
Glordit



Joined: 11 Sep 2020
Posts: 1203
PostPosted: Mon Nov 03, 2025 9:16 pm Reply with quote
"Hey it's Jeff from accounting, what's your password again? I forgot mine and Cyber security is out of the office and I need to access some accounts"
Back to top
View user's profile Send private message
Jeff Bauersfeld



Joined: 07 Dec 2015
Posts: 116
PostPosted: Tue Nov 04, 2025 6:29 am Reply with quote
SilverTalon01 wrote:
How do you have both this:

Quote:
The hackers claimed to have stolen e-mails, non-disclosure agreements (NDAs), licensing agreements, employee credentials, future business plans, employee social security numbers, invoices, and royalty statements.


And this:

Quote:
The news outlet added the hackers likely gained access to a single person's account.


Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts?


Sounds like Viz didn't segregate duties, so one senior executive had access to all that info, whether they directly had access to it like through reports, or they had administrative access and the hacker was able to laterally move through the system to somewhere they could access that info.
Back to top
View user's profile Send private message
SilverTalon01



Joined: 02 Apr 2012
Posts: 2450
PostPosted: Tue Nov 04, 2025 6:06 pm Reply with quote
Mikan-box Glasses-kun wrote:
SilverTalon01 wrote:
Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts?

The article states that it was a senior executive that fell victim to social engineering, meaning that just one account had access to all of those things.


Um, I think you're misunderstanding how responsible organizations operate. There is no reason for a senior executive to have access to all of that. The cited items include legal agreements, security credentials, and HR data. Those things are very different, and the second one in itself is a wtf. An executive account has access to grab employee credentials? Why? Typically senior executives do have access to sensitive information, but they typically have less system access to things like HR databases and credential vaults. So yeah, none of what you said is a reasonable explanation whatsoever.

Jeff Bauersfeld wrote:
Sounds like Viz didn't segregate duties, so one senior executive had access to all that info, whether they directly had access to it like through reports, or they had administrative access and the hacker was able to laterally move through the system to somewhere they could access that info.


Right. So either they run Viz like a mom and pop shop, or in your second option, it wasn't a single account. The idea of some Viz exec reading through a report of employee credentials and reacting that 1234 was the same password they used for their luggage amuses me. I think I've found my head canon.
Back to top
View user's profile Send private message
Greed1914



Joined: 28 Oct 2007
Posts: 5384
PostPosted: Wed Nov 05, 2025 11:11 am Reply with quote
SilverTalon01 wrote:
Mikan-box Glasses-kun wrote:
SilverTalon01 wrote:
Seems like either that second part is BS, or why the hell does one person have access to all of those different types of things? Or did they mean the point of entry only a single account which allowed for the compromise of other accounts?

The article states that it was a senior executive that fell victim to social engineering, meaning that just one account had access to all of those things.


Um, I think you're misunderstanding how responsible organizations operate. There is no reason for a senior executive to have access to all of that. The cited items include legal agreements, security credentials, and HR data. Those things are very different, and the second one in itself is a wtf. An executive account has access to grab employee credentials? Why? Typically senior executives do have access to sensitive information, but they typically have less system access to things like HR databases and credential vaults. So yeah, none of what you said is a reasonable explanation whatsoever.

Jeff Bauersfeld wrote:
Sounds like Viz didn't segregate duties, so one senior executive had access to all that info, whether they directly had access to it like through reports, or they had administrative access and the hacker was able to laterally move through the system to somewhere they could access that info.


Right. So either they run Viz like a mom and pop shop, or in your second option, it wasn't a single account. The idea of some Viz exec reading through a report of employee credentials and reacting that 1234 was the same password they used for their luggage amuses me. I think I've found my head canon.


Yeah, it makes sense that the higher up someone is the more likely they are to have use for that information or need to be able to see it, but that doesn't have to mean they need direct access for exactly this type of reason. The payroll department would need SSNs for taxes, but the boss doesn't need to access those to know what is going on with payroll, for example.

I certainly understand how annoying it is to have to separate credentials or wait for someone to come in before you can ask them to help you with it, but it can be the difference between someone getting access to some data or all of it.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Anime News Network Forum Index -> Site-related -> Talkback All times are GMT - 5 Hours
Page 1 of 1

 


Powered by phpBB © 2001, 2005 phpBB Group