Opinions on the Rockstar/Uber hacker?

From my RSS feed, all it took was an employee to accept a 2fa code after being told they were IT for uber on whatsapp to then regester the device and gaining access to their internal network via VPN, and finding a powershell script with admin creds for the ubers info.
No data has been leaked so far but looks like to be done in protest to the uber drivers.

Dont know how this will help them bust sure.

I would guess the same happened to Rockstar but with GTA Vl footage leaking online. Been a crazy day for gaming.
Not so great is the source code for GTA V is up for sale, for minimum 10K and no less.

Personally, after all the shit Rockstar as a company has done, its deserved, not so good for the individual coders since they are just developing the game and nothing more.

From DMCA on mods and homebrew projects, to the terrible release the delisting of GTA from the 6th generation, while also shoveling out GTA online for almost a decade.

Also the person that is responsible for all this is 18 and uses Protonmail, so expect a request to be logged and sued after this, and is using Telegram aswell.

What about anyone else? What’s your opinion on the matter, would love to hear👍

I think that the Uber hack is another example of the effectiveness of social engineering.

I hope that the increase of these kinds of attacks will increase trainings on the part of IT departments around the world to better prepare their users.

Then I hope that the increases security awareness will translate to increased personal security.

And then I hope that a nascent interest in security will lead to more interest in privacy.

I guess this is what I hope we do for any big hack - that we learn from it. But it’s hard. :confused:

2 Likes

Agreed, Security is one thing from a tech standpoint, but then there are people who can and are always tricked one way or another, and everyone is vulnerable regardless.

I wouldn’t even call it a hack, its a very good breach of security.

Training is needed more than ever since work from home has become more of a feature to workplace environments, and text codes and even MFA isn’t enough if someone can believe your the king of Uganda who will send millions of dollars to ones account.

No matter how good the advice, people often ignore it

Note: I only have followed the R* hack partly, as I am not really interested in games.

From what I know about the R* hack, it was completely stupid. It basically was someone using their private password for the development slack server.
While this in itself is already bad, lots of people still advertise 2FA and so on as a proper way to defend against it. There are multiple ways to get into a MFA protected account, look at this article for example How to hack 2FA: 5 attack methods explained | CSO Online

Exactly.
Most of these hacks can be prevented with proper password security (using random passwords with a password manager, 80 bit entropy at least). The problem with this has been addressed as well tho.

There are no ways to guarantee that everyone in your company follows the security guidelines (unless you were to hack our own employees). Let’s assume that R* has 500 people developing GTA VI currently (this is about the size of their team in India, so probably many more are developing it). There is a high chance that someone is not using proper security (e.g. by reusing their password).

As most credentials are getting breached at some point, it simply is a matter of time until any big team gets hacked by a single person not using proper security on their accounts.

Sure, but increased awareness can still decrease the likelihood that this kind of thing happens. It will almost certainly still happen, but less often.

A more cynical view is that if you train your employees and someone gets in via route that was trained against, you could potentially point back to the training and say “employee, you were trained on this, what happened?” And then you tell that story in the company without giving the employee’s name. I don’t know if employees should face consequences per se because they are being victimized by people who know infinitely more than they do about cybersecurity, but at least you use it as a teachable moment.

It still comes around to feeling the pain, though. If in the Uber example it turns out that a bunch of customer data got out, employees might think “oh well, my big company got hacked but it doesn’t affect me.” If their own personal data got out in a way that was accessible to other employees or their family members, employees would be much more upset. Neither case is good, but you care more if you’re personally affected or not. This is news to no one.

Even customers may not know or realize why they should be upset at this breach. The public doesn’t know what data if any was stolen, but we’re potentially talking about name, number, address, travel history, and credit card details. And even if it’s confirmed that those things did get out, what will the average user do? Maybe move to Lift, but even then maybe not because we’re all used the services we think to use and we’re not used to making security demands of the companies we entrust with personal information.

I’m all over the place, so I try to stay positive and hope that we learn from incidents like this rather than think about all the ways we’re complacent. I try to remind myself that the average person shouldn’t have to be dealing with these problems. They’ve been foisted onto us by data-hungry organizations who just need to learn to get by with less data, or at least data that has been consented to by a person with a decent understanding of what they’re handing over.

1 Like

Well, Rockstar’s already poorly treated employees are no longer going to be allowed to work from home, that’s for sure.
The guy who hacked/leaked it still seems to be pretty loud and ballsy, probably best to go into hiding after poking the bear like. I’m guessing he’s going to be caught soon.
Crazy day for gaming, biggest leak in a while. Crazy that all it took was one employee.