For those of you interested in TLOU2 leaks and how it happened, here's your rundown I have no idea how many tweets this will be so buckle up
Every ND game has a "final" patch that is pushed to the game that contains an Amazon AWS key, that when paired with a secret bucket ID it will give full access to the server's contents. Theres a different key and bucket ID per game, this is important
This vulnerability was discovered recently and some hackers took full advantage of it, saving TLOU1, UC3, and other dev stuff. At the time, it was disclosed to me around early February, and was very early on so ~January 2020 it was discovered
Come March, keys and data was saved, somewhere around 1-3TB, though I can only say 1TB for sure. They were trying to dump TLOU1 in an effort to get that games key as UC3 had TLOU1 material, so surely TLOU1 had TLOU2? No idea in the end but come April things got spicy
In April all the leaks of story were validated by the footage posted. I cannot speak for the text posts with story, but I can say that the dates from discovery and disclosure match with timestamps in the footage as well. You can check yourself, bottom left of all footage
Come may 30th, late at night, the source that disclosed this to me stated that the key had changed so ND for sure knew how to resolve this issue, and no keys work with the bucket IDs now. This is good but theres more
The individual that spoke to me is a direct source of this compromise, but is NOT (as far as I am aware, or can tell) not the one that leaked this material. I say this because even they were weirdly skeptical about the "ND employee leaked things because they were mad"
I've been watching this for about 3 months now, and after speaking to a first hand source of this, my only conclusion is they (and their immediate circle) did not leak it, but shared information relating to what I described, and another party proceeded to leak such material
This is not the first time this has happened in circles like this either to boot. I trust their word as a first hand source of this happening, and I trust that theyre not dumb enough to leak it, but whether they leaked everything to get such is another story.
In regards to the devkit nonsense: yes you would need a devkit to do this and given that its relatively easy to get one (yes really, it is) this is not very much of a problem. I can say the circle for the vulnerability owns such hardware as well, I've seen the photos
What's the point I'm making? The point: there's plenty of room to argue an ND employee is involved, but from the evidence (which I have submitted to ND back in February) stands to point to an ND-made security vulnerability that was exploited. Not an angry employee
While I will not give names, I will say this: I've been around, I know leaks, I listen, I watch, I keep tabs on things. I've known about this for months and kept quiet publicly but since it's blocked out now and news coverage confirmed what I've known I decided to say so publicly
I have no affiliation with the group, I have no materials from the leak, and I'm not going to. I had my ass bitten once and I dont need a second round of it, but putting the truth out there is important, because even then you'll still have people saying it was an ND employee
Don't believe what sounds like the juiciest story, even if it's what you wanna hear. Sometimes it's really that boring. Hackerman exploiting a vulnerability created by the company's own games to gain internal access. Hopefully this has been enlightening for you
And as one final note: the person that spoke to me asked me about my previous legal run-in. That's primarily what led to this disclosure to begin with. I do not advocate or suggest stealing and leaking. Preservation is important, but dont do it through stealing.
Tacking this onto the bottom since people insist that it was an ND employee when no, it wasnt. Why you think it's an ND employee that leaked this is still baffling to me :
Anthony Vaccaro
@vaccaro3d
Like in case you were unaware, cyber crime divisions almost always find out who is responsible for leaked company information no matter the line of work or type of industry you are in. It's their full time job and they will find you eventually :)
Yeah I can't really blame people for believing that it came from a ND employee when a trusted journalist made a popular tweet that presumed that it was. Also it's fun how people here are shaming others for believing it might be an employee when a lot of people here wanted the leaker to be locked up regardless of their situation.Schrier mega fucked up by popularizing the postulation that it was a ND employee
I wouldn't be even suprised if Russia was behind this. Putin's government is very anti minority and anti women's rights, and TLoU 2 is apparently really pro minority and pro women. Their propaganda has targeted for example the latest Star Wars movies for the same reason, and I just checked their main propaganda site RT (Russia Today) and it had TWO articles about "how SJWs are ruining games/movies" and one of them was about this TLoU 2 leak.
I just find it really odd if any country would focus its propaganda towards some game leak, whereof most likely only hardcore gamers are aware of, unless the particular country was itself behind the leak. But it could just as well be some angry gamers.
Yes there should be consequencesGlad the truth came to light. Every carpetbagger on here who knowingly spread lies because they sensed blood in the water and had ulterior motives should be banned.
Jesus, calm down
Neither latest Star Wars or TLOU2 we're "targeted"
If that was the case then government simply banned them like Modern Warfare. You seeing thing that aren't there.
Yeah I can't really blame people for believing that it came from an ND employee when a trusted journalist made a popular tweet that presumed that it was. Also it's fun how people here are shaming others for believing it might be one when a lot of people here wanted the leaker to be locked up regardless of their situation.
Yeah I can't really blame people for believing that it came from a ND employee when a trusted journalist made a popular tweet that presumed that it was. Also it's fun how people here are shaming others for believing it might be an employee when a lot of people here wanted the leaker to be locked up regardless of their situation.
Ok, I see that the AWS security key was put on this patch and that led to accessing the S3 storage.
My question is: why for the love of God would you put your AWS security key on each copy of a game you're publishing??
I counted about 3 people in that 1000+ post thread that wanted theYeah I can't really blame people for believing that it came from a ND employee when a trusted journalist made a popular tweet that presumed that it was. Also it's fun how people here are shaming others for believing it might be an employee when a lot of people here wanted the leaker to be locked up regardless of their situation.
Regardless of who was behind this leak it doesn't remove the fact that RT (Russia Today) makes frequently several gamergate-type articles about movies and games to promote alt-right and gamergate agendas in other countries.
"A lot of people" = 2 or 3 people among the many in that thread. Most were actually calling them out for wanting blood before we knew the proper details, but now that we do, a crime has been committed and jail time is not out of the question for them, but I do hope the name or names don't come out because they don't need yet another thing to worry about besides what's already coming to them.Yeah I can't really blame people for believing that it came from a ND employee when a trusted journalist made a popular tweet that presumed that it was. Also it's fun how people here are shaming others for believing it might be an employee when a lot of people here wanted the leaker to be locked up regardless of their situation.
I think the guy that said who knew the Twitter account is verified on this site. I don't know where we needed Jason for this.
Thanks, I was on mobile so couldn't easily jump betwet the threads, otherwise I would've tagged you.Late to the thread, I know, but yeah Pixelbutts is a known quantity in the game preservation community, that by nature of what he does he hears about hacks and leaks like these behind the scenes all the time. I actually met him in person a few years back, and I trust him to know what he's talking about when it comes to this sort of stuff. Seems like I was right to, in this case!
I'm just glad to hear Naughty Dog are paying their devs and healthcare during this pandemic, which is a turnaround from their previous labour abuses.
Just because a bad thing is practiced by others, doesn't excuse them. There are other devs who make an effort to avoid crunch but there are devs that champion it.Turn around? jschreier has stated that most of the devs he's spoken to over the years have said that ND is an amazing place to work at, besides the crunch. Crunch is awful but it's not like it's just a ND problem, it's an industry wide thing, no?
Fuck Im really curious about MP actually. Wish there was a safe way to ask about MP but Im too scared to go into the Spoiler thread.1 and a half hours of footage, mostly including highly pivotal story moments alongside a few gameplay sections and smaller story segments. The ending itself hasn't been leaked so there's still an air of mystery surrounding that, but be warned that most of the other story developments have been shown. Some multiplayer screenshots as well.
Basically.
Each and every ND game that gets patch updates a key from a server after it gets patched, and that server gives you and millions of other people keys to look at that server. That server did not have any authentication what so ever. As far as I was told once you gave it the key that you had gotten it literally just opened the doors, and where do you think the copy of the game that leaked was :P
If OP wants to thread mark this because this is the legitimate way it was taken from ND. Blame them for storing information like that in such a unsecure spot.
I also want to point out I literally had nothing to do with the leak. I just was told how it happened.
I'm just glad to hear Naughty Dog are paying their devs and healthcare during this pandemic, which is a turnaround from their previous labour abuses.
This is what I'm Thinking, especially when everyone at home right now..... that should of been the first thing they should of told thier dev teams! Beef up your security, because people will be trying to hack you! Something else I'm thinking is why on earth do companies put future code into old releases? I seen this befor, as it's how contents of a free mobile act that play where spoiled. Just seems like a strange concept?how did Sony not learn from the 2013 hack and have a team of white hats looking for vulnerabilities.
Not that ND shouldn't be criticized but some of these people act like crunch is some ND exclusive deal.You are surprised ND are paying their devs?! Crunch is what they're guilty of, and it's an industry problem so I would quit the console wars agenda.
Just got a Angry Joe video recommendation on the spoilers. The thumbnail was just him with his upset angry face, lol. I'm sure the influx of angry YouTubers are going to become even more unbearable. ND has been claiming a bunch of videos to try to squash spoilers.
Whoever has done this sounds like he's going to jail for hacking.
Yup, it's bizarre. I've never seen anything like it. The same people that quote Jason Schrier's article on crunch culture at ND are now the same people saying he's not to be believed and that he's a Sony shill now because his story doesn't fit their agenda. How does this even make logical sense lol?On a side note, it's honestly amusing but also scary and shocking watching people on social media go from championing Jason to hating on and trying to discredit him, depending on whether what he's saying fits their agenda or not. It must be exhausting for him.
He went from being the ND hating champion when he posted the crunch articles, to being a corporate boot-licker the moment he started questioning the unpaid disgruntled employee fake rumours and the leaks moral implications to devs/fans. Essentially many wanted you to believe his insider contacts and knowledge when it came to negative ND details (crunch), but not when it came to this leak or positive ND stuff (eg them paying staff extra during Covid19) lol.
For the last time its not just about leaking a game.
I've seen some bizarre takes in this thread. 😆 I thought you were being serious as well.I didnt think the tacit /s was necessary... looks like it is lol.
To answer both your questions in one: Sony is primarily a hardware company while Microsoft is primarily software (more so SaaS). Microsoft has built entire platforms and services that they market to various clients in various industries.2 things:
how did Sony not learn from the 2013 hack and have a team of white hats looking for vulnerabilities.
we will most certainly never see the arrest or apprehension of these individuals publicly.
I wonder if Microsoft will provide beefier protections when they move to azure
It's not even just that thing that people need to own up to.
There are tons of things that the rumor mill has damaged for ND that people got wrong that it's insane. Even before the crunch story, there were people talking narrative possibilities that were false.
The internet should use TLOU2 as an example of how to run stories and discuss topics. Outside of the crunch story, literally zero research went into false stories like that fake Edgar employee, ND striking YouTube channels, not paying employees, fridging, this leaker story, 70% workforce leaving because of the story's politics...all based on complete bullshit.
I know they're waiting until after release to talk, but, I kinda wish Neil could talk about all the business stuff openly, now. I know the potential problems that come with that, but, I feel like it would help a little.
Just going off of what has been said. I doubt it's true and it's more of the same outrage gaming YouTubers that do this to get more views.We had a thread closed yesterday about that because there was no proof that was happening. Has anything more come out about that?
Oh. In that case it was hackers. Not a disgruntled employee coz ND said so.
Schrier mega fucked up by popularizing the postulation that it was a ND employee
Yeah lol because people have said this stuff.I've seen some bizarre takes in this thread. 😆 I thought you were being serious as well.