Updated on 9/19/22 to add Rockstar’s statement at the end of the article.
Grand Theft Auto 6 gameplay videos and source code have been leaked after a hacker breached Rockstar Game’s Slack server and Confluence wiki.
The videos and source code were first leaked on GTAForums yesterday, where a threat actor named ‘teapotuberhacker’ shared a link to a RAR archive containing 90 stolen videos.
The videos appear to be created by developers debugging various features in the game, such as camera angles, NPC tracking, and locations in Vice City. In addition, some of the videos contain voiced conversations between the protagonist and other NPCs.
The hacker claims to have stolen “GTA 5 and 6 source code and assets, GTA 6 testing build,” but is trying to extort Rockstar Games to prevent further data from being released.
However, the threat actor says they are accepting offers over $10,000 for the GTA V source code and assets but are not selling the GTA 6 source code at this time.
After forum members showed disbelief that the hack was real, the threat actor claimed he was behind the recent cyberattack on Uber and leaked screenshots of source code from both Grand Theft Auto V and Grand Theft Auto 6 as further proof.
Rockstar games have not released a statement or responded to our email about the attack at this time. However, Bloomberg’s Jason Schreier confirmed the leak was valid after speaking to sources at Rockstar.
The leaked videos have since made it onto YouTube and Twitter, with Rockstar Games issuing DMCA infringement notices and takedown requests to get the videos offline.
“This video is no longer available due to a copyright claim by Take 2 Interactive,” reads a copyright claim by Take 2 Interactive, the owner of Rockstar Games. These takedown demands lend further validity to the fact that the leaked GTA 6 videos are real.
However, Rockstar Game’s efforts come too late, as the threat actor and others had already started leaking the stolen GTA 6 videos and portions of the source code on Telegram.
For example, the threat actor leaked a GTA 6 source code file today that is 9,500 lines long and appears to be related to executing scripts for various in-game actions.
Claims to be behind Uber attack
The hacker hasn’t shared details on how they gained access to the GTA 6 videos and source code other than claiming to have stolen them from Rockstar’s Slack and Confluence servers.
The threat actor also claims to be the same hacker, named ‘TeaPots,’ behind the recent Uber cyberattack, but BleepingComputer could not confirm whether these claims are valid.
However, during the cyberattack on Uber, the threat actor also gained access to the company’s Slack server and other internal services after performing a social engineering attack on an employee.
While there are not enough details about the Rockstar Games hack, the types of servers accessed and the very public announcements are similar to the Uber hacker’s tactics.
Update 9/19/22:
Rockstar confirms breach
On Monday morning, Rockstar Games confirmed that they suffered a network intrusion allowing hackers to download company data from their systems.
BleepingComputer has shared the full statement below:
“We recently suffered a network intrusion in which an unauthorized third party illegally accessed and downloaded confidential information from our systems, including early development footage for the next Grand Theft Auto. At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects.
We are extremely disappointed to have any details of our next game shared with you all in this way. Our work on the next Grand Theft Auto game will continue as planned and we remain as committed as ever to delivering an experience to you, our players, that truly exceeds your expectations. We will update everyone again soon and, of course, will properly introduce you to this next game when it is ready. We want to thank everyone for their ongoing support through this situation.” – Rockstar Games.
Unfortunately, the company has not shared any technical details or IOCs related to their attack to help security professionals better defend their networks.
BleepingComputer has asked for further details about the cyberattack and will update this article if we learn anything new.
Source: www.bleepingcomputer.com