Grand Theft Data: Cybersecurity Takeaways from the GTA 6 Leak

Earlier in September, game developer Rockstar Games confirmed what they deemed a ‘network intrusion’ where a hacker gained access to and leaked confidential data, including videos and code.

How Did Cybercriminals Hack into Rockstar Games?

The hacker responsible claimed they were able to get access to confidential information by obtaining login credentials vis Rockstar Games’ employee Slack channel.

The cybercriminals also spoke about a potential ransomware scenario, asking money from the game company to avoid the leak of even more stole footage and data, including the video game source code, an act that could cause immense financial harm to Rockstar and potential delays to the release of the game which affects the bottom line down the road, too.

Examples of Past Cyberattacks on the Video Game Industry

In a past hack, the source code of Half-Life 2, a video game from 2003, was stolen and leaked. This instigated an FBI investigation and damages of over $250 million for the game developer, Valve.

In February of 2021, CD Projekt, developer of Cyberpunk 2077 and Witcher 3, had their source code stolen for those games and more. The hackers left a ransom note, demanding money in exchange for the data being returned. The source code was sold to a third party and all that data, which included source code and additional information from vendors and current and former employees, is still floating around the internet today.

How Could This Attack Have Been Avoided?

Because this attack stemmed from stolen credentials, there are a few layers of a complete cybersecurity approach that could have helped and which can prevent things like this from happening to your business.

Cybersecurity Awareness Training: One great way to stay secure is to protect and educate the human element of your security approach. Consistent and high-quality training and education on cybersecurity best practices and modern cyberattack scan help your people identify attacks and be on the lookout for anything suspicious in their emails, texts, DMs, or private messaging apps, like Slack.

Multi-Factor Authentication (MFA): Even when credentials are stolen, MFA can add another layer of security so that a stolen username and password are not enough. A hacker would need access to whichever form of MFA you’re using—biometrics (fingerprints, face scans, etc.), additional devices, or authentication software/app—in order to access the network.

Data Encryption: If a cybercriminal does get access to your network, you can still protect your stored data by encrypting it. This process makes your data unreadable unless accessed with the appropriate key or credential. This extra step won’t prevent data from being stolen, but it can make it so nobody can read, use, or sell that data without a way of decrypting it.

In Conclusion

Cyberattacks can target any business, in any industry. It always pays to prepare with preventative security measures and a strong set of protocols in place for when a breach does occur. With the right expertise and processes in place, you can keep your data safe.

Are you prepared for a breach? Download this checklist to measure how prepared your business is and see what you can do to stay protected against all kinds of modern threats.