Analyzing Rockstar’s GTA 6 Hack: Cybersecurity and Product Management

I plan on going into a deeper dive here, so I’ve left the presentation first for those who want to skim through the main points.

Let’s talk about some quick statistics regarding the game industry and cybersecurity:

  1. In 2022, the video game industry was estimated to be worth around $235.7B (PwC)

  2. The video game industry is slated to grow 8.4% annually until 2026 (PwC)

  3. Cyberattacks increased by 167% on PCs in 2022 (Akamai)

  4. 37% of all Distributed Denial of Service (DDoS) attacks happen in the video game industry, the second being the financial sector at 18.5%

There are a couple more statistics in the PowerPoint covering surveys and how players view cybersecurity within the game industry. Looking at the PwC statistics above, it’s fair to argue that the video game industry is one of the most profitable sectors within the entertainment and media industries. Given how the industry functions, with several projects always in development and a revolving player base, it is a very healthy industry, but also one whose growing player base leaves it susceptible to attack.

Akamai speaks to the last two points, which are important facts about cybersecurity in the video game industry. Games now come in many forms (online/offline, different marketplaces [Steam/Epic/GOG], different payment methods [Apple Pay/PayPal/third party], different platforms [mobile, console, PC], messenger apps, etc.), so there are a lot of ways for a hacker to intrude on or compromise a player’s account.

A few common security practices to think about throughout the development process:

  1. Enabling Multi-factor Authentication (MFA)/2-Step verification (2FA)

  2. Complying with PCI DSS and Institute for safe online payments

  3. Confidentiality of databases to protect personal information

  4. Preparing servers and adding protection against DoS and DDoS

  5. Predicting in-game phishing via messaging

These are just a few things to think about throughout the lifecycle of a game. Asking these questions can best prepare you for when a game releases, ensuring the best cybersecurity is available for your player base and your developers. This is especially true today, when accounts need to be created for online usage or for any additional promotional marketing material.

As a Product Manager, you may be asking yourself, “Where does cybersecurity fall in line with my day-to-day or even the bigger picture?” Well, cybersecurity affects your player base, your company, and yourself. Understanding and asking the right questions at the inception of the game development cycle can provide critical insight, prepare you for anything unforeseen, and help you make a smooth launch for when your game goes gold.

[Figure: Akamai graph from their report]

Ask these important questions:

  1. Are employees encrypting important emails during cross-collaborations?

  2. Are our messenger apps end-to-end encrypted (E2EE)?

  3. Do employees have MFA/2FA enabled on accounts?

  4. If players are to log in to your game using email, is there MFA/2FA, CAPTCHA, or any verification system in place?

  5. Are servers able to handle a mass influx of players, and can they withstand DDoS/DoS if needed?

  6. If the game has payments, is it through a third-party (Apple, PlayStation, etc.) or is it through the game? Is it secure?

Diving into Rockstar’s security breach in September 2022

One of the biggest and most viral security breaches of 2022 was Rockstar’s GTA 6 breach, in which the source code, gameplay, and information about Rockstar’s next highly anticipated title, GTA 6, got leaked. This poses a number of problems for Rockstar, the developers, and the players.

An unannounced, highly anticipated title got leaked years before its proper time, and this led to public feedback on the game while it was still in development. This is horrible, as there was a lot of negative feedback regarding early builds of GTA 6, which were understandably pre-beta test builds and so weren’t graphically ready. Rockstar also had promotional plans to announce GTA 6 in a grand manner, as it would be the next critically acclaimed title.

The development of GTA 6 was more than likely delayed for multiple reasons, one of which was to tighten security protocols and investigate how the source code and videos were leaked. The legal, marketing, and other cross-functional teams were probably involved in order to remediate the damage caused by the leaks. Because of this, developers were probably disappointed to see their work shown and drawing negative feedback before the product was ready for the public, causing a drop in morale.

The hacker stated that they had obtained these videos via Slack, a messaging app common among companies. However, Slack is not E2EE, meaning that it is susceptible to data breaches via third-party applications. Rockstar also confirmed that there had been a network intrusion that exposed important messages that developers had been sending to each other via Slack and the Confluence wiki. E2EE is a secure method of communication that prevents third parties from accessing data as it is transferred from one device to another.

In conclusion, following common cybersecurity practices will help you better equip yourself, your players, and your developers for potential breaches. There are countless ways to practice cybersecurity as well; E2EE is just one of many things someone can do to ensure that their accounts are sending data safely. Understanding how cybersecurity works, and how data can be lost in small ways such as a simple message, will help a Product Manager navigate obstacles that could arise during the development of a game.

Note: I am always learning; everything in this blog post is just my analysis and thoughts on things. There is much more to learn in the field of cybersecurity and product management. I believe the best way to get good at something is to take an approach to learning, discussing, and making thought-provoking content that makes you think about this wonderful field of game development.
