Rockstar Games Confirms 'Grand Theft Auto 6' Breach

The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets.

4 Min Read
Mockup of a mobile phone with a Grand Theft Auto VI screen logo, surrounded by pink game controllers
Source: stLegat via Alamy Stock Photo

Rockstar Games, a subsidiary of Take-Two Interactive Software, today confirmed that an unauthorized third party had downloaded files and videos for its flagship game Grand Theft Auto 6 following the posting over the weekend of scores of video clips to an online forum.

More than 90 video files — since removed — were posted at 3:26 a.m. on Sunday, Sept. 18, to the GTAForums. Several forum users considered the videos to be authentic, and the forum administrators appeared to confirm that that data was stolen when they pulled down the files and posted a warning for forum members to not share media or links to copyrighted material.

By early Monday, Take-Two Interactive had confirmed the breach in a corporate filing with the Securities and Exchange Commission.

"Rockstar Games recently experienced a network intrusion in which an unauthorized third party illegally accessed and downloaded confidential information from its systems, including early development footage for the next Grand Theft Auto," the company stated in the filing. "Current Rockstar Games services are unaffected. We have already taken steps to isolate and contain this incident."

The breach is the latest attack on gaming companies. In June 2021, game giant Electronic Arts suffered a massive breach, with cybercriminals stealing nearly 800GB of source code and data from the firm. The breach followed an attack on CD Projekt Red, the maker of the Witcher games and Cyberpunk 2077, which resulted in the theft of internal data and source code.

Game companies are not the only group being targeted — attackers are also focused on gamers. Players of the top 28 games encountered more than 380,000 instances of malware and unwanted files the 12 months ending in June 2022, according to software security firm Kaspersky Lab. Rockstar Games' Grand Theft Auto was the fourth most targeted PC game, according to the firm's analysis.

"Despite the fact that the number of users affected by gaming-related threats has dropped, certain gaming threats are still on the rise," Kaspersky researchers stated. "Over the past year, we have seen an increase in cybercriminal activity around stealers, which allow attackers to steal bank card data, credentials, and even crypto wallets data from infected devices."

Uber-Hacker Poser

In the Rockstar Games attack, the threat actor apparently gained access through a compromised credential. The cybercriminal used the name "teapotuberhacker," reportedly claiming to be the person behind the breach of Uber last week.

However, reliable details of the hack are in short supply. Already, fraudsters have posted a great deal of misinformation on Twitter and have reserved names similar to the hacker's on Telegram and other social media networks.

A thread on the GTAForums appears to be genuine, however. The administrators have already removed the video files and links posted by the purported hacker. Multiple posts on the GTAForums have claimed that the videos came from a developer Slack channel, which is similar to the compromise of Electronic Arts. The posted videos are dated between March 2021 and September 2022.

Take-Two Interactive and Rockstar Games played down the impact of the attack, maintaining that the development of the game will not be affected.

"Work on the game will continue as planned," the company stated in its SEC filing. "At this time, Rockstar Games does not anticipate any disruption to its current services nor any long-term effect on its development timelines as a result of this incident."

The hacker posted the videos to GTAForums early Sunday morning, stating, "Here are 90 footage/clips from GTA 6," and adding, "Its possible i could leak more data soon, GTA 5 and 6 source code and assets, GTA 6 testing build."

The attacker may not have had general access to Rockstar Games' systems, but only the communication channels used by developers. "These videos were downloaded from Slack," the poster wrote, clarifying that the source was "employee communications."

Wall Street Fallout

The breach initially hurt Take-Two Interactive's stock price (NASDAQ: TTWO), but the company's assurance that the game's launch date would not be delayed seemed to assuage investors, and the stock rose slightly by late afternoon. The company has actually not yet announced the game's official release data, but reports have pegged mid- to late-2024 as likely.

"We are extremely disappointed to have any details of our next game shared with you all in this way," the company said in a statement posted on Twitter. "Our work on the next Grand Theft Auto game will continue as planned and we remain as committed as ever to delivering an experience to you, our players, that truly exceeds your expectations."

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights