Popular video game publisher Rockstar Games had source code and assets belonging to its Grand Theft Auto (GTA) 5 and 6 snatched by a hacker over the weekend. The cybercrook claims to have breached Rockstar Game’s Slack server and Confluence wiki. They published gameplay videos of GTA 6, which is still under development, onto GTAforums on Saturday, September 17.
The videos consequently made their way onto YouTube and Twitter, though Rockstar’s parent company, Take-Two Interactive, issued a copyright claim to have the content taken down.
To prove the hack, the actor, using the username “teapotuberhacker” on GTAforums, released screenshots of GTA 5 and 6 source code on the site. They also claimed to be responsible for the massive Uber hack a week ago, as the username implies. However, it is unclear at this time if this claim is true.
Rockstar Games confirmed the hack earlier today, adding that it was “disappointed” to share details of GTA 6 in this manner. However, the publisher said it does not expect the incident to disrupt its live-game services, or have any “long-term effect on the development of our ongoing projects.”
Prior to Rockstar’s statement, Bloomberg reporter Jason Schreier said company sources confirmed the hack.
“Not that there was much doubt, but I’ve confirmed with Rockstar sources that this weekend’s massive Grand Theft Auto VI leak is indeed real. The footage is early and unfinished, of course,” Schreier tweeted on Sunday.
“This is one of the biggest leaks in video game history and a nightmare for Rockstar Games,” he added.
Hacker Leaks Early Gameplay Videos
The hacker posted a link to a RAR archive, which contained 90 videos, on GTAforums, a fan forum dedicated to GTA, and other Rockstar titles such as the Red Dead series. According to Bleeping Computer, the videos appeared to contain early development footage of the highly anticipated GTA 6 video game.
“The videos appear to be created by developers debugging various features in the game, such as camera angles, NPC tracking, and locations in Vice City,” Bleeping Computer reported. “In addition, some of the videos contain voiced conversations between the protagonist and other NPCs.”
The threat actor’s stolen haul includes GTA 5 and 6 source code and assets, and GTA 6 testing build. The hacker has already listed “all source code and assets for GTA 5” for sale on Telegram, as well as “GTA 6 docs.”
The hacker added they would not entertain any offers under $10,000.
However, the actor said that GTA 6 source code is not for sale at this time. This is likely because the actor intends to extort Rockstar in exchange for not publishing the code. However, the actor released 9,500 lines of GTA 6 source code on Telegram on Sunday. The code “appears to be related to executing scripts for various in-game actions.”
Hacker Claims to be Behind Uber Hack
While the threat actor claims they stole the files from the company’s Slack and Confluence servers, it is unclear how they gained initial access. Interestingly, the hacker claims to be behind the Uber cybersecurity breach. In that case, the threat actor used the alias “teapots,” bearing similarities to the username on GTAforums, albeit a little on the nose.
However, the two attacks appear to share some similarities. In both cases, the hacker gained access to the company’s Slack server, and announced the breaches very publicly. In the Uber hack, the threat actor used social engineering to steal an employee’s password for initial access. We will continue to update this story as more information becomes available.
Schreier stated the incident is likely to have a negative effect on Rockstar in both the near and long term.
“To those who asked: There are several reasons this is a nightmare for Rockstar. One is that it’ll disrupt work for a while. Another is that it may lead management to limit work-from-home flexibility,” Schreir said.
“The repercussions of this leak might not be clear for quite a while,” he added.