Jason Schreier - Hackers found a security vulnerability in a patch for an older ND game and used it to leak TLOU 2

MH MD · May 3, 2020

Maybe i am missing something so please correct me if i am wrong, but i what i took from the Twitter thread is that the vulnerability was discovered in January and they made ND aware of it, yet they didn't do anything and the leaks /hacking happened in March, only after the leaks made public they dealt with the invulnerability

sorry but the story doesn't make sense to me, they should have dealt with that security breach as soon as they found it, not leaving it for months, this make them look even more incompetent, I wouldn't blame people if they are skeptical of this story as well the way it's presented now, and even some more knowledgeable people about tech security and such find this story weird

Deleted member 20297 · May 3, 2020

Twitter > Era > Jason > Twitter > Era ?

TheModestGun · May 3, 2020

ianpm31 said:
What's going to happen to the "bad" ND narrative?

The weirdos with ulterior motives will probably continue to push as much hate as possible. The goal posts will move and some will probably say something like "well they deserved it for their crunch practices."

Akelisrain · May 3, 2020

Manfred said:
Failed blackmail maybe, the amount of ransomed companies have explode the last decade, though I am not sure it's valid regarding monsters like Sony. Also people who found the hack aren't necessarily those who exploited it. Hackers aren't enjoy more a thing than hacking hackers.

I am aware, just silly to think that thought about it most likely. Said fuck it, just docit.

MJForum Poster · May 3, 2020

MH MD said:
Maybe i am missing something so please correct me if i am wrong, but i what i took from the Twitter thread is that the vulnerability was discovered in January and they made ND aware of it, yet they didn't do anything and the leaks /hacking happened in March, only after the leaks made public they dealt with the invulnerability

sorry but the story doesn't make sense to me, they should have dealt with that security breach as soon as they found it, not leaving it for months, this make them look even more incompetent, I wouldn't blame people if they are skeptical of this story as well the way it's presented now, and even some more knowledgeable people about tech security and such find this story weird

I agree that is normally the case, but typically disclosure only happens if the company goes radio silent. For example, I find an issue with something in June. I report it to them then, they initially say they will fix it, but then I never hear back from them and its still there in the fall. After multiple follow-ups, then I might go public with the vulnerability to shame them into it - but only after I've attempted responsible disclosure for a few months.

However, there are some vulns that are so significant that I still wouldn't disclose publicly, and instead work with a journalist to try and create a story about a generic 'issue'. So I wouldn't absolve the leaker completely; however, Naughty Dog/Sony should've engaged with them more if the story is true, especially with a high-profile title such as this.

Araujo · May 3, 2020

i would like to say that the next Castle Super Beast Will be interesting... but the 30 seconds Pat will reserve to say "So i was wrong, eh, whatever" wont be that.

DigSCCP · May 3, 2020

Now wait for some people to find a way to twist this into another "this is because ND are the bad guys" somehow.
Maybe the unpaid employee paid some hackers to do this ? What about that ? Who's with me ? Let's start another false narrative /s

Nightengale · May 3, 2020

c0de said:
Twitter > Era > Jason > Twitter > Era ?

More like:

Twitter(unvalidated) > Era(unvalidated) > Jason (validation with internal sources) > Twitter(validated) >Era(validated)

The key role Jason plays in this - is validating speculation and potential causes through obtaining first-hand information of what was communicated about incident internally from ND employees and people familiar with the matter, and his credibility as a reporter.

Thorn · May 3, 2020

Araujo said:
i would like to say that the next Castle Super Beast Will be interesting... but the 30 seconds Pat will reserve to say "So i was wrong, eh, whatever" wont be that.

The more wrong Pat is the more he doubles down.

Plum · May 3, 2020

It's nice to know what's happening, but honestly I'm getting a little weirded out by the rhetoric in here surrounding Naughty Dog and how anybody who sees them as 'bad' at this point is somehow in the wrong.

It's entirely possible to go against false bullshit narratives like this, and the often-awful consequences they have for regular people, without suddenly trying to make it seem like there isn't a problem at the company that needs to be called out whenever possible. We shouldn't make it so that criticising Naughty Dog's crunch somehow puts you 'in line' with people spreading and/or creating misinformation.

m4st4 · May 3, 2020

DigSCCP said:
Now wait for some people to find a way to twist this into another "this is because ND are the bad guys" somehow.
Maybe the unpaid employee paid some hackers to do this ? What about that ? Who's with me ? Let's start another false narrative /s

Oh I don't doubt it for a second just you wait. Anything to support 'ND bad' Mulder theories.

Employees got extra paid due to work from home and covid. That's extra, not lesser than before. That's also after Jason's crunch article.

Deleted member 20297 · May 3, 2020

The way security is handled in the gaming industry doesn't really sound confident. I guess for game devs it's not really important and we've seen hackers using game exploits to hack a console but if that is true also for the gaming infrastructure nowadays like aws (why even use that?) it seems that this can lead to unwanted data exposition which is common nowadays anyways. Many companies think they need the cloud to put their data to.

The Gold Hawk · May 3, 2020

Phew. Glad that was resolved.

Now we can all go back to demanding excessive, damaging or abusive penalties for the people involved without the slightest hint of irony.

Without, looking at the tweets was this an exploit of something in place prior to the lockdown or after?

The latter would be more excusable on NDs part.

Deleted member 20297 · May 3, 2020

Nightengale said:
More like:

Twitter(unvalidated) > Era(unvalidated) > Jason (validation with internal sources) > Twitter(validated) >Era(validated)

The key role Jason plays in this - is validating speculation and potential causes through obtaining first-hand information of what was communicated about incident internally from ND employees and people familiar with the matter, and his credibility as a reporter.

I think the guy that said who knew the Twitter account is verified on this site. I don't know where we needed Jason for this.

mclem · May 3, 2020

DieH@rd said:
For those who want safe way to read this twitter thread:

I have to admit, I can't quite see the *point* of the 'final' patch containing this Amazon AWS key and bucket ID. It sounds like something you'd do for archival reasons (so the data you'd get would be everything you'd need to recreate that specific build of the game), but why make it part of the patch itself, and not archive those values elsewhere? Is this some sort of convoluted PGP setup?

When I worked on games, one of the last acts we did was a comprehensive source and assets backup so we could, in principle, recreate the specific published build from scratch if necessary, so I get why you'd want that data stored somewhere (although if that *was* the purpose of this, I'm somewhat surprised that it was everything they had rather than just this critical information!). Also, if this was that... I'm surprised there's no leaker waving the source around, because with ND's engine prowess, that could be highly valuable, moreso than the leaks.

Now I'm wondering if this is a 'the leaks prove this is real... now, let's discuss a price for the source' scenario on the part of the hackers.

m4st4 · May 3, 2020

The Gold Hawk said:
Phew. Glad that was resolved.

Now we can all go back to demanding excessive, damaging or abusive penalties for the people involved without the slightest hint of irony.

Without, looking at the tweets was this an exploit of something in place prior to the lockdown or after?

The latter would be more excusable on NDs part.

Class B misdemeanor to a class B felony. (six months in jail + 1000$ fine up to 20 years in jail and 20k$), depending on the severity of the hacking and crime.

Fezan · May 3, 2020

ND actually extended pay and healthcare benefits for contractors due to covid.

Wow such a bad management at ND. No wonder disgruntled employee released the data

Necron · May 3, 2020

Reminds me of Half-Life 2.

Shopolic · May 3, 2020

DrakenAstro said:
Has a game ever been brutally leaked like this before?

Others said about HL2, but Doom 3 had something like that too, but maybe not as big as HL2. It was a massive leak in 2002 or 2003 with 3,4 levels from alpha version, including this famous scene.
I played those levels on my computer with super low frame rate, something like 10fps!

EduBRK · May 3, 2020

For those who did not want to read the Tweets, in layman terms:

It was Naughty Dog's negligence that led up to the hack. They sent the access key's to some of their's "servers" in the final patch of they're games. People found out, accessed the "server" of TLOU 1 and apparently there was 2 footage there, for some reason. Actually, this last part is not totally explained...

But I don't understand why they sent the private key... one very dumb reason could be they are finished with the development and they merge everything in the master branch and delete other branches, and in this merge, this key is added in the master, and sent for the patch.

Which I really hope is not what happens...

Siresly · May 3, 2020

If the hackers had full access to ND servers (dunno if they did), it kind of sounds like this could've been worse. Who knows what else was on those servers.
I feel like this is basically wrapped up now. The perps are essentially caught, we know what they did and that it's against the law.
Now it's just up to the legal process to take forever at delivering apt consequences. And for the last of us to dodge spoilers until June.

Just cause I'm getting whiffs of vibes of the fake bad thing diminishing the credibility of the real bad thing:
Whatever questionable work culture stuff was going on at Naughty Dog continues being questionable if it's still happening.

Calverz · May 3, 2020

Oh. In that case it was hackers. Not a disgruntled employee coz ND said so.

Deleted member 923 · May 3, 2020

Calverz said:
Oh. In that case it was hackers. Not a disgruntled employee coz ND said so.

Lol. Embarrassing.

Deleted member 135 · May 3, 2020

TheModestGun said:
The weirdos with ulterior motives will probably continue to push as much hate as possible. The goal posts will move and some will probably say something like "well they deserved it for their crunch practices."

Yeah, you've got a split on places like Twitter between just dumbass fanboys who spread FUD because they are trolls, chuds who spread FUD because of sociopolitical agendas (typically anti-progressives), and actual paid (third party or otherwise) astroturfers doing guerilla marketing.

LetalisAmare · May 3, 2020

Calverz said:
Oh. In that case it was hackers. Not a disgruntled employee coz ND said so.

Jesus. Not enough eye rolls on the planet for dumb posts like this.

Calverz · May 3, 2020

T-Rex. said:
Lol. Embarrassing.

Not really. Take everything with a pinch of salt rather than swallowing down whatever ND says.

Azaan60 · May 3, 2020

Calverz said:
Not really. Take everything with a pinch of salt rather than swallowing down whatever ND says.

Jesus you are pathetic.

Plum · May 3, 2020

Fezan said:
ND actually extended pay and healthcare benefits for contractors due to covid.

Wow such a bad management at ND. No wonder disgruntled employee released the data

I know you're trying to make some weird 'gotcha' but, yeah, there is still bad management at Naughty Dog that enforces crunch and makes subordinates watch snuff films.

So maybe lets not move into "everything is fine," territory just because they were unfortunate enough to be hacked like this.

Calverz · May 3, 2020

bryanee said:
Jesus. Not enough eye rolls on the planet for dumb posts like this.

And certainly not enough for your attitude to questioning things your told by the people who are in damage limitation mode.

Fredo · May 3, 2020

c0de said:
The way security is handled in the gaming industry doesn't really sound confident. I guess for game devs it's not really important and we've seen hackers using game exploits to hack a console but if that is true also for the gaming infrastructure nowadays like aws (why even use that?) it seems that this can lead to unwanted data exposition which is common nowadays anyways. Many companies think they need the cloud to put their data to.

Do you have experience with enterprise storage solutions? It's not exactly simple to build what AWS offers in terms of global replication, redundancy, ease of expansion, etc.

Putting your data in your own data center doesn't make it less exposed.

Calverz · May 3, 2020

no need for insults. Im simply questioning this new developments.

test_account · May 3, 2020

I've avoided pretty much every information around this leak to avoid potential spoilers, but can someone answer in short what exactly has leaked? Is it a video of someone playing through the whole game? Or has the game itself leaked?

LetalisAmare · May 3, 2020

Calverz said:
And certainly not enough for your attitude to questioning things your told by the people who are in damage limitation mode.

Congrats you got another eye roll for another dumb post.

Are you one of those crazies who thinks the US caused 9/11?

Chaos2Frozen · May 3, 2020

Calverz said:
no need for insults. Im simply questioning this new developments.

With what? Gut feeling?

Calverz · May 3, 2020

bryanee said:
Congrats you got another eye roll for another dumb post.

Are you one of those crazies who thinks the US caused 9/11?

Not at all. Why are you bringing up 9/11? Not very appropriate is it?

Izanagi89 · May 3, 2020

People are still gonna twist this. This crusade to destroy ND and make sure as many people are spoiled is utterly disgusting. I'm not trying to defend any company but people poured their hearts into this game, and for some to just destroy all of that is just plain vile

Calverz · May 3, 2020

Chaos2Frozen said:
With what? Gut feeling?

Well would it benefit ND to say this was the cause? Rather than unhappy employees? Thats what i'm questioning.

LetalisAmare · May 3, 2020

Calverz said:
Not at all. Why are you bringing up 9/11? Not very appropriate is it?

Have another eye roll in gif form

Nightengale · May 3, 2020

So those ND employees were willing to talk to Jason about the grueling crunch, how badly it affects their livelihood there, how there are employees within the company hoping the game would fail so that it induces culture change with the company.

And now those ND employees will also lie to Jason now to 'protect the company' even as they previously shared unceremonious stories?

Calverz · May 3, 2020

bryanee said:
Have another eye roll in gif form

Ok. Well perhaps you wont bring up 9/11 in a gaming forum debate again. Lifes for learning i guess.

Chaos2Frozen · May 3, 2020

Calverz said:
Well would it benefit ND to say this was the cause? Rather than unhappy employees? Thats what i'm questioning.

.

Nightengale said:
So those ND employees were willing to talk to Jason about the grueling crunch, how badly it affects their livelihood there, how there are employees within the company hoping the game would fail so that it induces culture change with the company.

And now those ND employees will also lie to Jason now to 'protect the company' even as they previously shared unceremonious stories?

Biske · May 3, 2020

That is some wild stuff. Shit like this really reinforces that life is a nonlinear adventure and all sorts of crazy shit is possible.

Must be a nightmare trying to have good cyber security and protection against such things

debu7058 · May 3, 2020

DigSCCP said:
Now wait for some people to find a way to twist this into another "this is because ND are the bad guys" somehow.
Maybe the unpaid employee paid some hackers to do this ? What about that ? Who's with me ? Let's start another false narrative /s

1. Naughty Dog is still lying to stop bad PR.
2. The game releases and receives critical and sale success most of us forget about this.
3. After the release Sony / ND / Journalist provides details of the hacking incident. Others say Sony is still lying.
4. The people involved with the hacking get caught, trials in court happens and they are found guilty. People say Sony gave the person money to take the fall to hide the unpaid employee problems.

Its 2023 next ND game is due in the near future. Jason writes an article about ND crunch culture.

m4st4 · May 3, 2020

Calverz said:
And certainly not enough for your attitude to questioning things your told by the people who are in damage limitation mode.

What? Like the guy who wrote an article calling ND out for crunch confirming the hack? Or the fact that all employees were paid due to covid situation.

Please.

Plum · May 3, 2020

test_account said:
I've avoided pretty much every information around this leak to avoid potential spoilers, but can someone answer in short what exactly has leaked? Is it a video of someone playing through the whole game? Or has the game itself leaked?

1 and a half hours of footage, mostly including highly pivotal story moments alongside a few gameplay sections and smaller story segments. The ending itself hasn't been leaked so there's still an air of mystery surrounding that, but be warned that most of the other story developments have been shown. Some multiplayer screenshots as well.

xtib81 · May 3, 2020

So many people want ND to fail. That's what happens when you are at the top.

Deleted member 52442 · May 3, 2020

welp, no ones gonna be able to bring up naughty dog's crunch for a good while around here

too bad people immediately used the leak to attach it to their own agenda, big backfire now

Yuntu · May 3, 2020

Calverz said:
Not really. Take everything with a pinch of salt rather than swallowing down whatever ND says.

But ND didnt say anything on this regarding how it happened? Am I missing something here? They only stated they found the individuals in question and nothing else.

Also why should Jason of all people defend ND? If ND really did what random Reddit post said Jason would write a detailed article about it. Because he wouldnt stay silent on that.

LetalisAmare · May 3, 2020

Calverz said:
Ok. Well perhaps you wont bring up 9/11 in a gaming forum debate again. Lifes for learning i guess.

Maybe you wont be a crazy conspiracy theorist in the future.

Stinkinmushroom · May 3, 2020

Haven't seen or read any spoilers, but from what i read now, the whole story as leaked? I thought it was just a couple of videos?

Jason Schreier - Hackers found a security vulnerability in a patch for an older ND game and used it to leak TLOU 2

User requested account closure

User requested account closure

User requested account closure

▲ Legend ▲

Prophet of Regret

User requested account closure

User requested account closure

Prophet of Regret