In the days following this week’s massive Grand Theft Auto VI leaks, investigations have revealed more information about the party behind the hack. Rather than a single individual, it appears that at least two people — possibly connected to a larger hacker group — were behind the weekend’s huge breach. And while Rockstar Games locks down its social media accounts to fight back against the spread of leaked content, it’s now likely the hackers are being investigated by the FBI.
On September 18 on the GTA Forums, a user appeared and dropped over 90 videos showcasing early development footage of the next Grand Theft Auto game, assumed to be GTA VI. The footage contained early looks at the game’s setting of Vice City, as well as police chases, shootouts, and what appear to be two main characters. In the days since the leak, Rockstar Games and its parent company, Take-Two Interactive, have tried to scrub the leaked material off the web. Rockstar released a statement on September 19, suggesting that the disastrous leak was the result of a hacker who had “illegally” gained access to the studio’s network.
Now we know that the GTA VI hacker wasn’t a single person, but probably at least two different individuals. In a new post on the GTA Forumsthe site’s staff shared the results of their investigations into the leaker, explaining that based on posting behavior and IP address data, they believed at least two people were sharing the GTA Forums account, “TeaPotUberHacker,” that posted the leaked data.
According to the staff’s update, they don’t believe the account was stolen, but was instead shared between the two hackers, known as “Teapot” and “Lily.” GTA Forums staff notes that Lily has been active on Telegram but that they don’t believe Lily “currently possesses any of the hacked materials they claim to hold,” and they warn against interacting with them.
The transportation app company Uber, which was also recently hacked, issued a “security update” earlier this week pinning responsibility on a hacker group called Lapsus $. It claimed that Lapsus $ has also, this year, “breached Microsoft, Cisco, Samsung, Nvidia, and Okta, among others,” and is now also behind the GTA VI leak. Uber says that it’s working with the FBI and US Justice Department to help with the investigation. At this time it’s unknown if Rockstar is also working with the FBI.
In the meantime, while the leaked footage and screenshots continue to spread around the web, Rockstar has seemingly taken action by locking down its social media accounts. If you look at its most recent tweet and Instagram posts, you’ll notice that they’re closed to comments and replies. That’s presumably an attempt by Rockstar to slow the spread of the leaked materials, as some fans would likely use the replies under GTA Online-related tweets to share content from the leak.
Kotaku has reached out to Rockstar for comment about the investigation and its newly locked down social media accounts.