Rockstar Confirm Data Leak, GTA Footage Stolen

Following news of a hack that saw new Grand Theft Auto footage leaked , experts reacted below.

Subscribe
Notify of
guest

4 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Andi
Andi
September 22, 2022 8:04 am

Hello Community & Everyone,
somehow I don’t really understand the thing with the hack, to be honest I’m a layman in the whole matter.
1. How can someone get such sensitive data so easily, is that person at such a high level or does he come from a top global university for computer science?
2.Is there no security or no 100% protection against such hacker attacks or data theft?
3.Tracking down the hacker is another question… I assume, if national security were at stake, things would certainly be different.
Maybe someone here can enlighten me.

Markus.strauss
Markus.strauss , Head of Product Management
InfoSec Expert
September 21, 2022 3:00 pm

Having game footage leaked prior to a release is not uncommon and is allegedly often a common practice by development studios themselves. Given the official statement from Rockstar Games about the network intrusion, this does not seem the case here, however. Given the intrusion method and the potential connection to the Uber attack it is likely this attack again used existing vulnerabilities that the attacker was able to exploit to gain access to a network. One must wonder how much effort is spent on basic vulnerability assessment and patching in such cases.

Last edited 5 days ago by markus.strauss
Erfan Shadabi
Erfan Shadabi , Cybersecurity Expert
InfoSec Expert
September 21, 2022 2:59 pm

Given that 2013’s GTA 5 is considered one of the most successful video games of all time and there’s growing fan demand for the new instalment, it is no surprise that it became a target for hackers. What comes to mind when we think about security breaches is usually the stealing and selling of personal user or employee data, but this attack is slightly different. The hacker stole, through the Slack messaging platform, a lot of new gameplay related assets – which can be highly valuable on the dark web and/or highly sought after by fans on social media. When stolen data like this is published on social media it can be almost impossible to limit the damage and reach of the data.

Gaming organizations should take privacy on employee messaging platforms (where highly sought-after information is stored and exchanged) as seriously as they would user data privacy. This can be achieved by building into their data infrastructures more than just the bare minimum level of security and reviewing all service providers frequently. Their strategy should be data-centric, with an assumption that threat actors might try to get to this cache of information. When you protect the data itself, rather than the perimeters around it, with methods such as tokenization or format-preserving encryption, you obfuscate the sensitive parts and render it incomprehensible and useless to hackers. Better yet, data-centric security is not dependent on protected borders and travels with the data.

Last edited 5 days ago by Erfan Shadabi
Martin Jartelius
Martin Jartelius , CSO
InfoSec Expert
September 21, 2022 2:59 pm

Given that the gaming industry is now worth over $300 billion, it is a lucrative target for malicious cyber-attacks, and this most recent on Rockstar Games proves how disruptive an attack can be.

For instance, the leak has negatively impacted share prices of the company that owns Rockstar Games. Moreover, intellectual property will fetch for a good price on the dark web which can be used by potential competitors for their own gain or other hackers to cause more trouble.

Both the information that is leaked and the breach itself may have a direct impact on a company’s project delivery, with any potential delays adding to the overall costs. To avoid such scenarios going forward, organisations must ensure security best practises are being followed while monitoring for any adverse behaviour across systems.

Last edited 5 days ago by Martin Jartelius
Information Security Buzz
4
0
Would love your thoughts, please comment.x
()
x