Rockstar Games got hacked earlier this week, in what some are calling the biggest hack of its kind in recent memory. The game publisher, which is known for popular franchises like Red Dead and Grand Theft Auto, said that it was “extremely disappointed” that the “illegal” hacking episode had taken place. The hacker, who also claims to be the same culprit behind the recent Uber hack, leaked video of early development footage from the upcoming GTA6.
So far, Rockstar hasn’t said much about the impact it estimates the cyberattack will have. In its initial statement, the company largely dismissed the prospect of any long-term problems as a result of the intrusion: “We do not anticipate any disruption to our live game services nor any long-term effect on the development of our ongoing projects.” Gizmodo reached out to the game publisher for more information and will update our story if they respond.
Video game hacks have become increasingly common in recent years. Just this past week, beta footage from the upcoming Diablo IV was leaked to Reddit. Last summer, EA Games suffered a fairly disastrous hack that saw game source code leaked all over the web. In the past, hack-and-leaks of games like Cyberpunk 2077 and Half-Life 2 have led to epic problems for the game publishers behind them. It’s worth asking: what, if any, is the impact going to be for Rockstar?
One of the biggest concerns right now is whether the cybercriminal behind the attack will publish any more data. The hacker claims to have stolen source code for both GTA5 (published 2013) and GTA6 (rumored release date in 2025), posted select screenshots of the code to an online forum, and has threatened to release the rest of it. Source code, the digital DNA of a program, is important proprietary information for any gaming company. Hypothetically, what could the release of such code really do?
Ben Ellinger, vice president of software production at the video game design school Digipen, told Gizmodo that it really depends on what kind of code was stolen. If the hacker managed to steal server-side code for GTA6, that could potentially open up Rockstar to a cheating problem, the professor speculated.
Understanding this requires a little background on game architecture. Today’s online multi-player games are essentially designed to stop players from cheating. The game’s code is split into two parts: the server-side code (which is run by remote server farms owned by the company) and client-side code (which runs on the player’s actual device, like an Xbox or phone). Client code informs the player’s user experience, while the server code governs the gameplay itself. The code is partitioned in this way out of necessity (you really can’t create an online, multi-player environment without some sort of cloud infrastructure) but it also helps keep control of the game firmly in the hands of the company: players send their input (i.e., commands) to the server, and the server sends back an updated version of the game reflecting the player’s input.
However, if a hacker gains access to the server-side code, that could allow them to see how the gameplay functions, which would ultimately allow them to exploit that knowledge to develop new cheats. This might not seem like a big deal, but it can quickly grow into a sizable problem, Ellinger said. In this particular case, cheats could really disrupt the gameplay, and if the cheats are sold or distributed to a broader subset of players, the problem’s scale could grow exponentially. Do hackers sell cheats online? Of course they do.
Bellinger said that another potential negative side effect of a data breach is a shift in a company’s security culture. In the wake of a cyberattack, firms will commonly reassess their security procedures in an attempt to ward off the next bad incident. However, these re-assessments can get a little out of hand, even eventually verging on paranoia, he said.
“The problem is that it’s very difficult to determine whether [the hack] is just a straight-up security hole...or whether it’s human engineering.” By human engineering, Bellinger means that there’s “someone on the inside that is either complicit in this [data breach] or is inadvertently so—they got manipulated.” Employees get tricked into allowing intruders into corporate networks all the time, even when those corny anti-phishing workshops have been making the rounds.
Bellinger said that a post-hacking culture shift can be obstructive to a company’s workflow, and they don’t always end up being that helpful, either. They “can cause internal disruptions to the team because you now enter a state of almost paranoia,” he said, explaining that companies will go through a period of self-interrogation after something like this happens. “The worst case scenario for that is that you lose months to inefficiencies that result from that,” he said.
It’s not totally clear how much this incident will cost Rockstar. Daniel Wood, an academic researcher who studies the cyber insurance industry, said that if the company had cyber insurance, then an insurer could have partially helped with costs, but it’s not clear that Rockstar had any.
However, even if they did, insurance might not have helped that much in a case like this. “Cyber insurance does not typically cover lost intellectual property or reputation damage, in part because they are difficult to quantify,” said Woods. “It looks like the Rockstar hack mainly damaged IP and reputation,” he said, adding that he doubted “the financial coverage would have helped” in this case.
There are also serious and often disappointing limitations to what kind of protection the cyber insurance industry can provide, Wood said. “Even when cyber insurance covers something, the insurance limit is often exceeded because insurers are not comfortable offering limits in the hundreds of millions (to get this, insureds must get insurance from a coalition of insurers),” he said.
Big picture, what’s the damage? If it were a smaller game publisher, Rockstar’s fate likely would have been far worse. However, for a company that boasts a regular net income of hundreds of millions of dollars, it can afford to have a little egg on its face once in awhile. According to Bellinger, it’s probably not going to be that big of a deal.
“It’s fine,” he said, chuckling. It’s hard to imagine that this will seriously deter the release of the new game, he added. “This is frickin’ Grand Theft Auto. It’s going to be fine. People are still going to be impressed as hell [with the game], they [Rockstar] are still going to make billions of dollars. Ninety percent of the people who play it are never going to even register that this ever happened,” he said.