Is The Gaming Industry Under Attack From Hackers?

It might be a day later, but we wish you a Merry Christmas and a Happy New Year!

Christmas is fun, isn’t it? A good time to meet friends and family, relax and indulge in recreational activities. It’s all fun and games, right?

Talking about games, the gaming industry hasn’t necessarily had a good one, particularly the online video game industry. Of course, sales are still up, while technology and innovation are only making them more fun and immersive.

However, we’re talking about the companies that produce such video games, who have had a mixed bag of a year courtesy of cybercriminals. Big companies like Rockstar Games, Insomniac Games and Ubisoft Entertainment.

So, what happened with these companies? Let’s explore!
 

What Happened With Rockstar Games?

 

• For sure, you’ve heard of this company, the one who produced winners like the Grand Theft Auto Series, spanning titles like GTA Vice City, GTA San Andreas, GTA V and the highly anticipated GTA VI, which is slated for a 2025 release according to trailer of the game. 

• Unfortunately, earlier in December Rockstar Games released the trailer earlier than it intended to as a leaked version of it made it to a post on X (formerly Twitter). Of course, the hacker responsible for it was caught and received life sentence in hospital prison.

• The hacker, Arion Kurtaj, was a part of cybercrime group Lapsus$. The group is also responsible for cyberattacks on companies like Uber, Microsoft, Okta, Nvidia, Mercado Libre, T-Mobile, Vodafone, Samsung, Ubisoft and of course, Rockstar Games.

• Unfortunately, another hack carried out by the same group a year ago saw its ugly head rear in the last few days as the hackers leaked source code for Grand Theft Auto 5 (GTA V), after a partial leak last year. Last year, the group also claimed to have stolen GTA 5 and GTA 6 source code along with other assets.

• It’s believed the leak includes 4GB files of code, with hackers discussing a potential release of the full 200GB source file. Furthermore, it also includes files from Bully 2, parts of GTA 6 code, unreleased downloadable content (DLCs) as well as Agent (a canceled project).

• Links to download the source code were posted on Discord, a dark web website and a Telegram channel, which was previously used to share leaked Rockstar Games data, with the owner of the channel ‘Phil’ shared links, screenshots and also paid homage to Arion Kurtaj.

• While the original link has been removed, the source code is being circulated across social media platforms.

 

What Happened With Insomniac Games?

 

• For the Sony-led PlayStation Studios-owned Insomniac Games, it all started on December 12, 2023, when ransomware group Rhysida announced that it had stolen 1.3 million files amounting to 1.67 terabytes of data.

• Their demand? 1 week to transfer $2 million.

• However, once the date passed, the group released the data, which included screenshots of employee conversations on Slack, internal HR documents and details pertaining to the new Wolverine game, which is yet to be released.

• The details included level design, character information, screenshots from the game, a signed publishing agreement between Sony and Marvel outlining three upcoming X-Men Games. The agreement says Sony plans to spend $120 million per game and must release Wolverine by September 1, 2025, while the other two unnamed projects should be released by 2029 end and 2033 end.

• In the days following the leak, Insomniac Games said via an X post, “We’re both saddened and angered about the recent criminal cyberattack on our studio and the emotional toll it’s taken on our dev team. We have focused inwardly for the last several days to support each other,” and added, “This experience has been extremely distressing for us.”

 

What Did Ubisoft Do?

 

• Earlier in the week, Ubisoft’s internal servers were compromised by a security breach as hackers attempted to steal 900GB of data. This included Rainbow Six Siege user data. 

• The hackers claimed to have gained access to the Ubisoft SharePoint server, Microsoft Teams, Confluence and MongoDB Atlas panel, while also sharing screenshots of their access to the servers.

• However, in this case, Ubisoft was able to spot the breach, albeit 48 hours later and was able to revoke their access before they could successfully exfiltrate data.

• The company known for titles such as Assassin's Creed, FarCry, Tom Clancy's Rainbow Six Siege and more, said, "We are aware of an alleged data security incident and are currently investigating. We don't have more to share at this time.”

Do you think video game companies should step up their security measures by tying up with cybersecurity companies to protect their assets?

Let us know in the comments below!