Rockstar confirms cyberattack, leak of confidential data including GTA 6 footage

Gaming giant Rockstar confirmed on Monday that a hacker broke into its systems and stole confidential internal data, including footage from the next highly-anticipated installment of its Grand Theft Auto series.

In statements posted to Twitter, Facebook and Instagram, Rockstar Games said it suffered a network intrusion that allowed someone to access and download “confidential information from our systems, including early development footage for the next Grand Theft Auto.”

“At this time, we do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects. We are extremely disappointed to have any details of our next game shared with you all in this way,” the company said. “Our work on the next Grand Theft Auto game will continue as planned and we remain as committed as ever to delivering an experience to you, our players, that truly exceeds your expectations. We will update everyone again soon and, of course, will properly introduce you to this next game when it is ready.”

A spokesperson for the company told The Record that they will not be commenting on the situation beyond the statements that were released. 

The alleged hacker behind the leak claimed to be the same person who launched a wide-ranging attack on Uber last week. 

On a Grand Theft Auto fan forum, the individual shared a link to footage and clips from Grand Theft Auto 6, a title which Rockstar has not publicly confirmed is in development. 

They attached images, videos, and source code as evidence and linked to the New York Times coverage of the Uber security incident while describing it as their “previous work.” The hacker claimed to have "GTA 5 and 6 source code and assets, GTA 6 testing build.”

The individual, writing in apparently fluent English and using the handle “teapotuberhacker,” said they were reachable via Telegram where their handle was Tea Pot. The person did not respond to requests for comment.

Initially, the hacker offered data related to Grand Theft Auto 5, which has already been released, for nothing less than $10,000 but claimed they would not sell any of the data related to Grand Theft Auto 6, which is still in development. 

The account wrote around 1 a.m. EST “imma sleep for some hours now” before logging off in the early hours of Sunday. Although they posted subsequently, their Telegram account has now been deleted. 

The hacker also took to a message board on 4chan to discuss the incident, claiming to have gotten initial access to Rockstar Games by social engineering an employee. They openly discussed wanting to negotiate with Rockstar and its parent company, Take-Two Interactive, but did not specify what they wanted to negotiate about.

In later messages, the hacker said people connected to Take-Two Interactive were “on” him and that he was unsure of what to do. With others on the message board, the hacker mulled the pros and cons of selling the stolen data and footage or simply keeping it, wondering which would allow them to avoid legal peril. 

The hacker’s last message said they plan to leak more of what they stole if Rockstar Games or Take-Two Interactive did not pay them. 

Take-Two Interactive was forced to file several DMCA infringement notices and takedown requests in an effort to get the leaked game footage off of YouTube and Twitter. 

Before the company released a statement, a reporter from Bloomberg spoke with sources inside Rockstar Games who told him that the leak was real.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Alexander Martin

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.