A Thursday night arrest of a 17-year-old in the UK may have led to the capture of one of the biggest video game-related leakers in recent history.
London police forces confirmed their apprehension of an Oxford suspect on a social media channel regularly used for police arrest updates, and it clarified the suspect’s age, a vague charge of “suspicion of hacking,” and that the investigation was coordinated with the UK’s National Crime Agency (NCA) and specifically its National Cyber Crime Unit.
That charge was followed hours later by a report from American freelance journalist Matthew Keys alleging that the arrest revolved squarely around the recent theft and distribution of unreleased assets from British video game studio Rockstar North. This report cites “sources” to claim that the FBI was involved in this investigation and that the data seized also included portions of a massive Uber-related breach. Keys’ report, as of press time, has not been corroborated by larger newsrooms in either the US or UK.
The gaming leak in question was among the highest profile in recent history, as it essentially contained the world premiere of highly anticipated video game Grand Theft Auto VI. Up until this week’s leak, series fans were left with rumors and hearsay about its potential setting (a Miami-like city that resembles the series’ Vice City) and its protagonists (a “Bonnie and Clyde” pair of protagonists, including the first playable woman in a mainline GTA game). Both of those rumors were confirmed by the leak, which Rockstar eventually confirmed was legitimate and sourced from a 3-year-old version of the game.
Before Thursday’s arrest, the GTA VI gameplay leaker originally claimed involvement in a recent massive breach of Uber’s data, as well—and Uber publicly blamed the hacking collective Lapsus$ for that intrusion. Previously, at least one teenage boy from Oxford had been linked to the hacking efforts of Lapsus$ by a BBC report. UK authorities did not confirm that report’s veracity at the time, due to privacy rules about underage suspects. Thus, while the GTA VI leak could be connected to efforts by Lapsus$, that connection remains unconfirmed as of press time.
Ars Technica’s Dan Goodin previously reported on Lapsus$’s hacking efforts as they were chronicled by members on their official Telegram chat channels. Many of the group’s methods, at least as publicly revealed, took advantage of vulnerabilities in standard “two-factor” multifactor authentication systems—which usually revolve around less secure backup login options that an attacker can exploit. The GTA VI leaker previously suggested that they gained unauthorized access to Rockstar’s source code via accessing the company’s Slack chat interface, but as of press time, it’s unclear whether this too was a matter of “MFA bombing” to trick an employee into unwittingly accepting something like a phone call prompt.
Should this week’s Oxford arrest be connected to the GTA VI leak, that timeline would be far more accelerated than we saw in another memorable European source code leak. German hacker Axel Gembe eventually recounted the story of his apprehension after he breached Valve’s computer systems to download the source code to Half-Life 2. That raid and subsequent arrest took place roughly eight months after the leak was originally reported.