Grand Theft Auto 6 gameplay videos and source code have been leaked after a hacker allegedly breached Rockstar Game’s Slack server and Confluence wiki.
The videos and source code were first leaked on GTAForums yesterday, where a threat actor named ‘teapotuberhacker’ shared a link to a RAR archive containing 90 stolen videos.
The videos appear to be created by developers debugging various features in the game, such as camera angles, NPC tracking, and locations in Vice City. In addition, some of the videos contain voiced conversations between the protagonist and other NPCs.
The hacker also claims to have stolen “GTA 5 and 6 source code and assets, GTA 6 testing build.”
After forum members showed disbelief that the hack was real, the threat actor claimed he was behind the recent cyberattack on Uber and leaked screenshots of source code from both Grand Theft Auto V and Grand Theft Auto 6 as further proof.
Rockstar games have not released a statement or responded to our email about the attack at this time. However, Bloomberg’s Jason Schreier confirmed the leak was valid after speaking to sources at Rockstar.
The leaked videos have since made it onto YouTube and Twitter, with Rockstar Games issuing DMCA infringement notices and takedown requests to get the videos offline.
“This video is no longer available due to a copyright claim by Take 2 Interactive,” reads a copyright claim by Take 2 Interactive, the owner of Rockstar Games. These takedown demands lend further validity to the fact that the leaked GTA 6 videos are real.
However, Rockstar Game’s efforts come too late, as the threat actor has already created a dedicated Telegram channel that they are using to leak the stolen GTA 6 videos and source code.
For example, the threat actor leaked a GTA 6 source code file today that is 9,500 lines long and appears to be related to executing scripts for various in-game actions.
Claims to be behind Uber attack
The hacker hasn’t shared details on how they gained access to the GTA 6 videos and source code other than claiming to have stolen them from Rockstar’s Slack and Confluence servers.
The threat actor also claims to be the same hacker, named ‘TeaPots,’ behind the recent Uber cyberattack, but BleepingComputer could not confirm whether these claims are valid.
However, during the cyberattack on Uber, the threat actor also gained access to the company’s Slack server and other internal services after performing a social engineering attack on an employee.
While there are not enough details about the Rockstar Games hack, the types of servers accessed and the very public announcements are similar to the Uber hacker’s tactics.