Rockstar’s upcoming “Grand Theft Auto 6” (GTA6) is one of the most hotly anticipated video games, but it is still far from complete and fans did not expect to see anything substantial of it for at least a year or more. A cyber attack has changed all of that, giving the public a rare peek into the development process with a coordinated GTA6 leak that appears to be part of a profit-seeking gambit.
The hacker posted videos of the game to a popular discussion forum, and followed that up with claims of stolen source code and a demand for payment from Rockstar. Some cybersecurity experts think that Lapsus$, the group behind the recent Uber attack along with numerous other break-ins in the past year, may be the culprits behind the GTA6 leak.
Cyber attack on Rockstar stole materials from company Slack channel
While the involvement of Lapsus$ is not yet confirmed, the group has been responsible for a chain of similar attacks with similar methodology dating back to 2021. The group slipped up in early 2022, which led to a wave of arrests of mostly teenage members in the United Kingdom. However, this did not stop the group’s activity. Some of its members, apparently the most active and technically skilled ones, are also located in Brazil and appear to continue to operate from there even as the UK branch is under active investigation for prior attacks.
Lapsus$ is suspected in the GTA6 leak primarily because Uber has suggested that it looks quite a bit like the attack it experienced recently. Uber is wrapping up its own internal investigation after seeing a hacker pop up on its own internal Slack channel, letting them know that essentially their entire network had been compromised. While the Uber hacker had much broader access to company systems, they also claim to have stolen source code (but have not yet demanded any sort of payment for it).
The GTA6 hacker certainly left clues that point to Lapsus$; calling themselves “teapotuberhacker” when releasing the videos of the game, using UK slang and eventually claiming responsibility for the Uber attack. Knowing exactly how the hacker broke into Rockstar would be helpful in determining responsibility, but thus far Rockstar is keeping details of the cyber attack out of the public eye as the FBI investigates.
Hacker’s posts indicate GTA5 source code stolen, but GTA6 leak status unclear
The GTA6 leak included videos that indicate the hacker definitely had access to the development environment (something since officially confirmed by Rockstar), but it remains unclear as to whether they really have the game’s source code. They do appear to have the source code to prior title GTA5, providing requested snippets of code to members of the modding scene capable of verifying that it is authentic. There has yet to be clear verification of the theft of GTA6 source code, however.
Stolen source code for games of this caliber has sold for millions of dollars on the dark web before. Hackers are usually interested in it as a means of finding ways to defeat copy protection and sell bootlegs, or to create cheats for online play. Bootlegging is an unlikely source of profit in the case of GTA5, which has been on the market for nearly a decade now; however, companion game GTA Online shares much of that game’s code and hackers may well be interested in developing exploits for it.
Rockstar has issued a statement indicating that the cyber attack and subsequent GTA6 leak will not have any impact on the game’s development, and it is still expected sometime in 2024 or 2025.