Hacker steals GTA6 source code from Rockstar
The attacker may be the same as the one who breached Uber last week - and could be affiliated with the Lapsus$ group
A cybercriminal - allegedly the same one who hacked Uber last week - has breached Rockstar Games and stolen the source code for its upcoming game, Grand Theft Auto 6.
The individual, going by the name 'teapotuberhacker', also posted about 90 videos to GTAForums on the 18th September, totalling around 50 minutes of pre-alpha gameplay and testing.
According to teapotuberhacker, all the videos were shared in the company's Slack channels and s/he downloaded them from there. This backs up the claim that the individuals who breached Uber and Rockstar are one and the same, as Slack acted as an entry point for both breaches.
Rockstar posted a statement to Twitter, acknowledging that 'an unauthorised third party' was able to access and download information from its systems, 'including early development footage for the next Grand Theft Auto'.
It added, 'We are extremely disappointed to have any details of our next game shared with you all in this way. Our work on the next Grand Theft Auto game will continue as planned and we remain as committed as ever to delivering an experience to you, our players, that truly exceeds your expectations. We will update everyone again soon and, of course, will properly introduce you to this next game when it is ready. We want to thank everyone for their ongoing support through this situation.'
Although the footage spread quickly online and some remains accessible, GTA publisher Take-Two Interactive has begun issuing takedown requests to sites hosting the content.
Teapotuberhacker claims to want to negotiate with Rockstar, and has allegedly demanded 'a five-figure sum' for the return of the stolen data - which includes the source code for Grand Theft Auto 5, as well as its upcoming sequel. So far, there has been no word from the company if it will negotiate, and we are unlikely to hear if it decides to do so.
While some gamers welcomed the breach - seeing it as schadenfreude against Rockstar for milking the nine-year-old GTA 5, rather than releasing a new title - others were worried what it would mean for the developers behind the game.
Uber blames Lapsus$ hacking group
If the Rockstar and Uber hackers are the same, it is possible both can blame the Lapsus$ group, which has breached firms including Samsung and Okta this year.
The Uber hack forced the company to take down some internal systems, including Slack and those hosted on AWS and Google Cloud Platform.
Uber acknowledged the Rockstar hack in its latest security update, but does not confirm the attackers were the same.
Uber has released more information about the hack, saying the entry point was an external contractor's compromised account.
'It is likely that the attacker purchased the contractor's Uber corporate password on the dark web,' the company writes, 'after the contractor's personal device had been infected with malware, exposing those credentials.'
This is notably different from the hacker's claim of obtaining a password through social engineering.
Although the contractor whose details were compromised had two-factor authentication enabled and initially rejected attempts to log in, they eventually accepted one and the hacker gained access to Uber's systems.
Uber says:
'We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so. This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others. There are also reports over the weekend that this same actor breached video game maker Rockstar Games. We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts.'