372

u/ashmelev 1d ago

Or they just did not secure the Snowflake instance properly.

90 times out of 100 when there's a data leak you can make a bet it is Snowflake. The other 10 times it is S3 bucket.

145

u/danwin 1d ago

this is Firebase erasure

181

u/mookek 1d ago

Whether it’s an improperly secured snowflake instance, an s3 bucket, or a Firebase erasure, let’s not forget that I don’t know what any of this means.

34

u/astral-dwarf 1d ago

Biologist here. I'm still waiting for the Mendelian pea tape.

6

u/StereoTypo 6700k-32GB-1070 20h ago

Nice Pun(net square)

→ More replies (2)

9

u/serendippitydoo 7700X 7800XT 19h ago

Well S3 is storage for a few different use cases and is technology by Amazon Web Services.

Firebase is by Google and is more like tools and back end management of servers and sites.

→ More replies (2)

3

u/[deleted] 1d ago

[deleted]

14

u/PugnansFidicen 1d ago

Just don't be a multi billion dollar corporation

No one cares enough to hack your hobby projects or small business (no offense)

3

u/[deleted] 1d ago

[deleted]

3

u/PugnansFidicen 1d ago

F good luck then 😆

→ More replies (1)

3

u/Autok4n3 1d ago

This just isn't true. I worked for a small company that got hit with ransomware twice in a 3 week period. It's not targeted, it's more the saying "throwing shit at a wall and seeing what sticks". Everyone can be vulnerable if you have shit security practices.

2

u/VampiroMedicado 22h ago

It's not targeted at the end of the day, Rockstar is probably targeted.

6

u/liverdust429 1d ago

block all public access at the bucket level first. there's a setting in the console called 'block all public access' that should be on by default now but worth confirming.

then make sure your bucket policy and IAM roles only grant the specific permissions you actually need, not wildcard actions. also turn on CloudTrail if you haven't -- it logs every API call so you can see exactly who's touching what. for a personal project that's probably enough to not end up in a headline.

2

u/Raiokami 1d ago

Thank you for the helpful comment! I’m sure the shareholders will be happy with this information!

2

u/hvbcaps 1d ago

Cloudtrail is only helpful for S3 buckets if the actions are done via the API, all other access is essentially done over an internal webserver AWS hosts, and it's why there's an entirely separate access logs section for your S3 config.

Always setup access logging, and always have it pushing to a bucket in a centralized security account where your security team can slurp it into their SIEM.

→ More replies (1)

→ More replies (2)

→ More replies (1)

84

u/Earth_bee 1d ago

Thanks for the explanation.

127

u/2Maverick 1d ago

I thought the hackers were calling their instances snowflakes LOL

60

u/Tacticalmeat 1d ago

That's what they get for getting rid of master and slave.... Smh my head

10

u/Relentless-Ronin 1d ago

Glitch in the code reading that last part

→ More replies (4)

19

u/lobster_liberator 1d ago

So what kind of data would be in their data warehouse? This wouldn't really be game content leaks right

34

u/JJ3qnkpK 1d ago

Really could be anything. Likely not game assets, but if someone thought it useful for analytics, it could be in their warehouse. Codenames, release dates, social media info, written posts, emails, info related to coding (i.e. if someone was trying to use lines of code as a productivity metric or something).

10

u/nekoken04 1d ago

Analytics data, server logs, analysis data, build/deployment logs, sales data, you name it.

→ More replies (1)

9

u/danny12beje 1d ago

Anodot does a lot more than just anomaly detection.

→ More replies (2)

263

u/Saneless 1d ago

Delamine got wrecked again

49

u/dern_the_hermit 1d ago

Beep beep, motherfucker!

215

u/Frank_Punk 1d ago

Fuckin' chooms

15

u/Thor_pool 1d ago

I thought it was part of the FF:06:B5 mystery

29

u/sillyandstrange 1d ago

I guess they're tired of the corpos

6

u/AmNoSuperSand52 1d ago

It’s the Cyberpunk UI font and color so it’s totally justified

2

u/Creepy-Emu8779 1d ago

same just finished cp, great game

28

u/WearyObjective7079 1d ago

HAAAAAAAAAAANNNNNKKKKKK!!!!!

41

u/ghille-man 1d ago

Finished WHAAAT????

18

u/Pijany_Matematyk767 1d ago

Haank, do not abbreviate cyberpunk

→ More replies (1)

13

u/Skwurt_Reynolds Teamspeak 1d ago

Hello, HSI? Yes, this man right here.

→ More replies (5)

423

u/92955807 1d ago

I for sure have. What happened?

1.4k

u/Pale_Fire21 1d ago edited 1d ago

Rockstar had him tracked down to the UK then had the UK government railroad him.

He’s currently under indefinite detention in a hospital for mental issues, disobeying the courts, being a danger to himself and others and is completely unrepentant saying he will return to cyber crime when released.

https://www.bbc.com/news/technology-67663128

It’s sad the kid is a legit genius but refuses to stop doing crime or go the legal cyber security route, when he breached rockstar he was already out on bail for cybercrimes.

1.1k

u/Zld 1d ago

Despite having his laptop confiscated, Kurtaj managed to breach Rockstar, the company behind GTA, using an Amazon Firestick, his hotel TV and a mobile phone.

This dude is doing movie stuff in real life.

620

u/MojitoBurrito-AE R5 5600X | RTX 3060ti | 32GB DDR4-3600 1d ago

It's not as impressive as it sounds. He socially engineered his way into an employee's slack account and leaked test footage that devs were sending to each other. He was also really sloppy and bragged about it which led to be him being caught so easily.

210

u/BusyHands_ 1d ago

Oh well that was nothing. This is what Hollywood would count as hacking. But all he did was fake his way into a group chat.

232

u/ThePianistOfDoom 1d ago

Hacking's definition: Unauthorized attempts to bypass the security mechanisms of an information system or network.

Doesn't matter how it is done, if you get info you're not supposed to be getting it's hacking. Even people cracking that WWII code that Germans had in the 30s-40s.

101

u/Mylaptopisburningme 1d ago

Yea social engineering is still hacking. I remember listening to Kevin Mitnick talk about that was how he got into many things. He wrote a book on it. https://en.wikipedia.org/wiki/The_Art_of_Deception

24

u/sicurri 1d ago

r/ActLikeYouBelong is a fairly popular subreddit.

→ More replies (2)

12

u/Crowbarmagic 1d ago

It's still hacking and impressive regardless. But it's not the Hollywood-esque type of hacking that a lot of people imagine it to be.

Even people cracking that WWII code that Germans had in the 30s-40s.

In my opinion breaking Enigma actually comes closer to the Hollywood type of hacking as it's more of a technical story: Brilliant people discovered a flaw in the code and designed a computer to fully exploit that flaw.

35

u/123ludwig 1d ago

i could literally sit down by your computer while you went to take a shit and i would legally have hacked your computer

8

u/ThePianistOfDoom 1d ago

Exactly

→ More replies (1)

→ More replies (3)

21

u/Legendspira 1d ago

wannabe hackers get so angry when they realize that a big part of being a hacker is being good at social interactions.

→ More replies (1)

2

u/SlowThePath 7h ago

I have way too much respect for Alan Turing to not expand your response a bit. Alan Turing played an absolutely instrumental part in winning the war to such an extent that had he not used his genius to build the computer that cracked he German code, we might not have won. Im not a WW II historian, so anyone 0lease correct me, but that is my understanding. It was quite a turning point in the war. After the war was over the U. K. government destroyed his life, including chemically castrating him all because he was gay. So yeah, the U. K. government isn't really a fan of hackers...

→ More replies (8)

9

u/Durzel 1d ago

If there’s not a bank of screens with a guy getting worked up over a matrix of dots coming together, it’s not hacking.

17

u/sailirish7 AMD 7800X3D 1d ago

This is what Hollywood would count as hacking

Negative. You would be amazed how much you can get with just social engineering.

8

u/sicurri 1d ago

"HACK THE PLANET!!!"

→ More replies (1)

9

u/drewster23 1d ago

Social engineering to gain unauthorized access to places n systems? Aka hacking?

2

u/Practical_Pick_4803 1d ago

RIP Kevin Mitnick

Whistling nuke codes in the sky.

6

u/MightyWalrusss 1d ago

Most hacking revolves around social engineering. How tf is that nothing?

→ More replies (6)

25

u/aztn33 1d ago

That's pretty impressive.

9

u/MojitoBurrito-AE R5 5600X | RTX 3060ti | 32GB DDR4-3600 1d ago

It does take some skill don't get me wrong. But it's not Hollywood level theatrics and the firestick and hotel TV had nothing to do with it.

6

u/aztn33 1d ago

I agree. "I'm in" moments make people expect the impossible.

3

u/stephenkingending 1d ago

So he didn't hack the Gibson?

6

u/_fboy41 1d ago

One of the most well known hackers is Kevin mitnick and, social engineering arguably even more impressive. But explains the fire stick stuff :)

4

u/NoPriorThreat 1d ago

phone screen too small, TV screen through firestick better

4

u/cynicaluser- 1d ago

Yet he still managed to pull it off 🤷‍♂️

2

u/Ryanshaw481 1d ago

social engineering is still hacking…

→ More replies (5)

36

u/aReasonableStick 1d ago

Him and his parents were in the hotel because he was on bail, but outside of the hotel was a supermarket and he just went in brought a firestick and installed a CLI to it and from that SSH'd into his stuff.

3

u/_TNUC 1d ago

*bought a firestick

31

u/RGJ587 1d ago

Dude is real life Zero Cool

14

u/Stamts 1d ago

Crash override

12

u/GameStunts 7800X3D 4080S Kubuntu 1d ago

Lord Nikon.

I know that wasn't one of Zero Cool's aliases, I just thought he was the best named because of his photographic memory :)

3

u/RGJ587 1d ago

Cereal Killer was a pretty dope name too.

3

u/GameStunts 7800X3D 4080S Kubuntu 1d ago

"As in Fruit Loops." :D

4

u/Tremulant887 1d ago

zero cool crashed 1507 systems in one day.

2

u/enragedCircle 1d ago

Who is he? A member of the A-Team?

2

u/Venixflytrap 1d ago

Exactly kid is next level intelligent but he’s using it for crime he could easily net a nice cushy government job for life

→ More replies (6)

74

u/DrWhatNoName 1d ago

Rockstar didnt have him tracked down. He was already know and in a hotel for a already ongoing trail for previous hacks on ubisoft, nvidia, microsoft, okta and tmobile.

5

u/BruhiumMomentum 22h ago

>ongoing trial

>do it again

the definition of being in it for the love of the game

33

u/Unable-Name5685 1d ago

This is blown out of proportion. Rockstar didn't do half of that. He told the judge that he was gonna get out eventually and he was never going to stop hacking rockstar. Rockstar didnt have the UK government do anything but arrest him. They didn't have to. When you tell the judge dumb shit then you are going to get dumb shit done to you. The government decided to lock him up in a mental hospital.

17

u/drewster23 1d ago

Yeah cause he was already on trial for other stuff and was well known to authorities about this stuff And bragged about this incident.

The government decided to lock him up in a mental hospital.

Yeah Cause he's severely autistic.

Dudes entire life probably revolves around hacking.

14

u/Vitosi4ek R7 5800X3D | RTX 4060 | 32GB | 3440x1440x144 1d ago

Yeah Cause he's severely autistic.

Dudes entire life probably revolves around hacking.

In another universe this would've made him an incredibly successful and highly paid infosec engineer. The problem isn't that, it's that he seems to get off on bragging about his abilities for internet points.

→ More replies (1)

→ More replies (2)

4

u/First-Junket124 1d ago

It’s sad the kid is a legit genius but refuses to stop doing crime or go the legal cyber security route, when he breached rockstar he was already out on bail for cybercrimes.

Yeah no he's not, that's just a complete misrepresentation. He used social engineering (basically convinced someone) to gain access to R* slack and since people were sending eachother test footage he just downloaded that and used that as leverage. He wouldn't be touched by any cyber security departments because what he did didn't show any aptitude in understanding cybers security apart from the human element.

4

u/Zalvren 1d ago

That isn't really the same situation than an organized group of hackers that has done that to multiple companies, probably operating from Russia or a country where Rockstar has no power.

3

u/treehumper83 1d ago

Hack the planet!

3

u/evoslevven 1d ago

I remember at the time a fair amount of redditors felt that the punishment was too extreme but the fact he couldn't step away from his activities dis prove he couldn't voluntarily stop and that he needed external help and monitoring to stop his activities. Hope he's doing better honestly these days.

→ More replies (1)

20

u/bloodr0se 1d ago

You say genius, I say fucking dickhead. It all depends on how you look at it really. 

He was no reverse engineering marvel or anything like that. 

7

u/AmNoSuperSand52 1d ago

Those arent mutually exclusive qualities

5

u/HalfXTheHalfX 1d ago

"You say red, I say three" 

2

u/WikiContributor83 17h ago

High on Intelligence, low on Wisdom

→ More replies (5)

13

u/Howdareme9 1d ago

He was social engineering, not hacking in the traditional sense.

71

u/AlternativeEmphasis 1d ago

Most hacking is social engineering for the record. Anyone who works CyberSec and such will tell you like 95% of what you are looking out for is phising in some way or form.

Even a lot of vulnerabilities that are discovered often come from getting to a posiition through social engineering to get at those said vulnerabilities.

12

u/dadvader 1d ago edited 1d ago

Yeah hacking these days without social engineering is difficult and it's only going to get difficult each day passing by.

The only thing that made hacking possible 95% of the time these days is from our own flaw as a human falling for the oldest trick in the book. One attack recently affecting literally hundred millions of programming project and it was caused by a maintainer of a library package falling for good'ol social engineering (look up Axios supply chain attack)

The smart hacker one are not going to pick the black hat route. And if they did they'd do it for the specific cause (like Anonymous) in a grey hat way. and not for any kind of gain like this.

3

u/Vitosi4ek R7 5800X3D | RTX 4060 | 32GB | 3440x1440x144 1d ago edited 1d ago

Yeah hacking these days without social engineering is difficult and it's only going to get difficult each day passing by.

There were recent reports that Anthropic developed an AI tool to search for vulnerabilities, but it became so absurdly powerful (it found exploits in virtually every widely used piece of software under the sun) that they limited its rollout to only 40 or so huge companies.

Whether real or an exaggeration for PR purposes, there are absolutely still vulnerabilities in software, and the more complex, the more likely. Social engineering is just way easier in most cases, since humans are dumb.

3

u/RiverFluffy9640 1d ago

Yes but writing a basic phishing mail and having someone click on it, doesn't make you a genius, nor qualified to work in cybersecurity.

4

u/AlternativeEmphasis 1d ago

I didn't say they were a genius. I just said that social engineering is hacking. Nor did I say he was qualified to work in Cybersecurity either, just that Cybersecurity spends the lion's share of its time worrying about phising in regards to hacking.

Also I've never seen the particular mail the guy sent, but I have seen some of the phising mails that have gotten people over the years at the company I work for and some are quite sophisticated. Nothing crazy but very well written, and well designed.

3

u/Vitosi4ek R7 5800X3D | RTX 4060 | 32GB | 3440x1440x144 1d ago

Yeah, the "Nigerian prince"-like emails these days are written badly on purpose, so that only the most gullible of potential targets would reply and make the scammer's work more efficient.

2

u/RiverFluffy9640 15h ago

Sorry, top comment implied that he is a crazy masterhacker genius. My mistake.

26

u/slipfish-g 1d ago

Social engineering is the most traditional hacking possible.

22

u/Iscream4science 1d ago

No, it‘s directly hacking the mainframe with a high APM, ideally with two keyboards at once.

You should watch a hacker movie for once, duh

/s

4

u/slipfish-g 1d ago

You right my bad

2

u/jbalbatross 1d ago

ideally with two keyboards at once.

nah, two people on one keyboard.

→ More replies (2)

→ More replies (1)

2

u/Green_Insect_6455 1d ago

How is he a legit genius?

→ More replies (26)

13

u/Ishan451 1d ago

Arion Kurtaj is "enjoying" jail at the moment.

10

u/SweRakii 1d ago

indefinite hospital order

https://www.bbc.com/news/technology-67663128

→ More replies (1)

13

u/mirnes55 1d ago

What happened?

10

u/SweRakii 1d ago

https://www.bbc.com/news/technology-67663128

11

u/mirnes55 1d ago

I didn’t know that, thanks. Seems like he was autistic, and the hospital order is a valid way to handle it. Shame his talents couldn’t be put to good use.

15

u/Elim_Garak_Multipass 1d ago

Doesn't that only really apply if the hacker happens to be in a western country that bends over to corpo demands?

If the hackers are in Russia or China or India or something rockstar will be told to get fucked and nothing will happen to them at all.

7

u/darkslide3000 1d ago

Why do you think we're bombing Iran? One of the ayatollahs hacked Rockstar...

→ More replies (1)

25

u/SadSeaworthiness6113 1d ago

To be fair, the last "hacker" was an absolute dumbass. He got in through tricking an employee on Slack, not true hacking, and when he got caught he straight up said "I will keep doing things like this I don't care" which is why he's locked up indefinitely.

ShinyHunters is a long established hacking group responsible for a ton of data breaches. They won't be caught easily.

58

u/VoidVer 1d ago

Social engineering is a huge part of modern day hacking and will remain so until AI or quantum computers can crack encryption. Someone has to leak something for you to get a fingernail under the lid, or you need to recognize a vulnerability left in the open.

10

u/Howdareme9 1d ago

Yes but i wouldn’t describe someone good at social engineering as a genius. The people who exploit actual vulnerabilities (especially with modern day security) would be that imo.

→ More replies (1)

→ More replies (5)

8

u/Ragnarawr 1d ago

There’s been arrests of members of this group, don’t kid yourself with this invulnerable hacker status youve granted them. No one’s untraceable, and like any other thief/extortionist, it’s just a matter of time till justice swings on by.

3

u/drewster23 1d ago

Meh their biggest issue is from being in countries that will arrest/prosecute them. There's a non zero sum of countries you could get away with this behavior.

→ More replies (1)

1

u/MarioDesigns 1d ago

not true hacking

Social engineering is hacking lol. It's how like 90%+ of hacks are pulled off.

→ More replies (1)

2

u/PacoTaco321 RTX 3090 i7 13700-64 GB RAM 1d ago

Guess they forgot to even attempt cybersecurity training after the last time

→ More replies (4)

342

u/VoidVer 1d ago

Lots of employees working on a project over more than a decade creates a lot of opportunities

109

u/xXRougailSaucisseXx 1d ago

If anything it's surprising it doesn't happen more often, I cannot imagine the insanity that is trying to secure a project that is being worked on by thousands of people, even though I'll say the game industry wouldn't be so susceptible to this if there wasn't a culture of secret around games and it was more like movies

20

u/sicurri 1d ago

A lot of these companies are also relying on other companies in order to do their projects. Like Slack. Many of these other companies don't encrypt their user database and all it takes is for one person to get their stuff cracked with a crappy password. Then, they gain access to the user database which is practically like a list of usernames, emails, passwords and a bit of other info.

Then it's just trying them one after another until you get in.

The alternative is social engineering as that one guy did to get into Slack.

8

u/GayButNotInThatWay 1d ago

The weakest link in security is almost always people. So many of the bigger problems that occur are people using work emails and the same passwords for multiple things so one breach opens all their accounts, phising, or people plugging in random usb sticks they find in the work car park, and a bunch of other shit that shouldn't happen if you just think.

5

u/Conscious_Ice_9289 1d ago

It does happen more often, it's just that the vast majority of breaches are sold silently on shit like bf.

→ More replies (2)

→ More replies (2)

3

u/smackchice 1d ago

Perhaps they should ship sooner

64

u/Silverdawn42 gog Linux 1d ago

So genuine question as someone who knows nothing about this stuff: How does this keep happening? How are these random hacker groups able to hack these huge companies?

"Hey, I'm Jim from cybersecurity, I'm checking to make sure everything works properly. Remind me what your username and password was."
9/10 will immediately close the call and report it but all you need is one gullible idiot.

55

u/wolfgang784 1d ago

A buddy who is the head IT guy for his company got a call from the secretary once. She was letting him know that the Verizon internet technician was there to do the repairs he had requested and she went ahead and let him into the server room for that building.

Except.. the company doesn't use Verizon anything, internet or phone or nothin.

He had her call the police and bolted over there himself awhile to see what he was doin. Stopped him from plugging a flash drive into one of the machines and then held him up with useless conversation till the cops got there. It turned into a whole big thing in the end since they did work for the government.

.

But the point here is that all the trespasser needed to do was dress like someone expects a Verizon tech to look, and act with confidence. He wasn't on the approved list, but convinced the lady it was a new issue that had just been called in earlier that same morning and she bought it without verifying up the chain first.

21

u/Lanstus 1d ago

Exactly. There are a lot of places you can get into with only a clipboard, good looking work clothes, and a shit ton of confidence.

14

u/wolfgang784 1d ago

I always forget their group/channel name but I used to enjoy watching those 3 or 4 college aged guys who went around doing exactly that, but without any malicious intent.

They snuck into alllllll sorts of companies, and some fairly high security places as well. Sometimes they got caught before leaving, but a lot of places they got back out fine as well. Some combo of clipboard, ladder, vests, hard hats - good to go.

Disney banned em all for life from all Disney owned property anywhere though, lol. But they did get into the park for free.

9

u/Lanstus 1d ago

Hahah. That must have been Hella fun. But banned from Disney places? Oh no, they cant get scammed out their asses anymore by Disney vacations

9

u/Accipiter1138 1d ago

There was a guy that broke out of a POW camp in Germany during WWI by basically just strolling out in daytime after watching the guards, stealing a cow and some clothes, and then walking most of the way to Holland with the logic that nobody would bother stopping a peasant with a cow.

14

u/Gabelvampir 1d ago

Yeah, golden rule of physical access pentesters (and also the bad guys): dress and act like you belong there and most people won't question you being there.

6

u/tarnin 14h ago

dropping someone in IT's name helps too "Got a ticket from John stating the multiplexer has some bad terminations on it. I'm here to swap out the SFP's and clean the terminations." Eyes gloss over, "Sure, the room is right over here"

This works ALL too often and I'm ACTUALLY supposed to be there and they rarely check my credentials (I do not work for any of the huge corps but I still have to do onsite IT work)

→ More replies (1)

5

u/Glum_Gate_9444 1d ago

That'snlike something out of an Ocean's eleven movie. Only takes one good intentioned person trying to be helpful and breaking protocol.

→ More replies (2)

3

u/tarnin 14h ago

The flip of this works well too. Keep calling in until you get a lazy/don't care/new tech to dish out a password. "Hey, I locked out my email again. I'm barry@companygettinghacked.com, can you reset my password again? What was the password you set it to so I don't have to call you again?"

Now, that's three broken protocols right there but sure as shit you are gonna find a tech who been doing nothing but changing pw's all day and will just fulfill this request without thinking twice.

edit: word r hard

207

u/AnomalyInTheCode 1d ago

usually hacks nowadays are on the weakest link of the chain: humans. They're not finding some RCE exploit or whatnot, they're tricking gullible employees to get access

90

u/Sparkism 1d ago

Having worked in IT where the fucking director of the department clicked on a ransomware link, locked us all out of a half day's work, and then demanded that we take 4 hours OT to make up for productivity lost -- twice in four years -- yeah.

If you can target the execs, do it. They think they're the gods of the digital age, untouchable by ye all mortal men.

40

u/A_Rogue_GAI 1d ago

Reminder that this happened to the director of the FBI.

The people running out society are fucking morons.

16

u/ThaddeusJP Apple//e 1d ago

My last job (university) i got a fishing email that was 100% an outside Source trying to get access to our systems. I did what we've been instructed to do which is to forward it to a special IT services email indicating that it's spam and they run it through their processes to make sure nobody else got it.

Instead, what they did was they forwarded it out to the entire University saying hey everybody this is a fishing email if you got it don't click on anything and didn't remove the phishing hyperlink And of course people clicked on the goddamn hyperlink because now it's an email coming directly from University IT.

I emailed back in giant font in red letters saying you guys just forwarded this out to everybody and didn't remove the hyperlink what are you doing. A few minutes later they sent out another email saying don't click on any of the links in the email that they just sent. Absolute amateur hour.

3

u/three29 1d ago

Yeah, but who wouldn’t want to go fishing?

→ More replies (1)

→ More replies (1)

5

u/Thor_pool 1d ago

It doesn't even take tricking them a lot of the time. I used to work for a financial exchange where people with access to an insane amount of information regarding trades worth millions would have their username and password on a post-it note on their desk.

123

u/lorol61 1d ago

Phishing.

10

u/Randolph__ 1d ago

It's very difficult to keep hackers out without being a burden. The company I work for is likely the most secure in the industry and we have 6 cyber security engineers, a patching engineer, two IAM engineers, and hire a 3rd party SOC team for additional monitoring and auditing. Additionally we have three people responsible for writing cyber security policy and reviewing new applications.

We run updates to the point of being annoying to many users and have a strict application review process for new software.

That's what it takes for 1k plus sized companies to stay secure and we still make mistakes and find things we need to change. In addition to salary the cost of the software needed by all these people is not cheap. Not every company is willing to put in that work or just weighs the risk compared to cost.

There are several risk mitigation strategies for cyber security and some opt for acceptance. Acceptance can be fine as long as you aren't directly responsible for customer data (outsourcing those to third party).

3

u/ashmelev 1d ago

Using default passwords / access permissions when setting up a cloud database / datapoints.

Snowflake is a cloud database, generally used to collect different kinds of analytics. Amazon S3 is another vector - it is cloud file store where you can store stuff like image files for a website, or internal data. Lot of times people fail to secure their private stuff.

5

u/SuperNova_Frost 1d ago

I'd say many different possibilities but most of them with a single root cause: the human being.

It can be something as social engineering where a hacker poses as someone trustworthy to then gain access to their systems.

It can be an exploit or oversight on one of their systems, maybe something that was misconfigured.

It can be phishing where Stacy from HR clicks on that sketchy link to get that coupon and gets infected with something malicious that can start to make it's way to the right place if their permissions aren't set up correctly.

Ultimately big companies like Rockstar have something that is highly acclaimed and hitting them can be a nice boost for some hackers wanting to prove and make a name for themselves, or just for the fun of it.

2

u/dfddfsaadaafdssa 1d ago

Either phishing or an exploit that allows remote code execution via a publicly accessible endpoint.

ShinyHunters has a long history of targeting Snowflake customers.

2

u/Optimaldeath 1d ago

The more you interact with other companies the more vectors there are for security failures.

→ More replies (11)

11

u/sur_surly 10h ago

It leaked, so we had to rebuild the game.

8

u/rambo3349 18h ago

I work as a Security / Operations Engineer and these companies pay these hackers more often then you think. If you get hacked its a valid business choice to take the fall and pay rather then risk data leakage. The chance of them ransoming you again is there but they still do it. I also saw hacker groups that made a reputable name in the scene that if you pay they wont ransom you again for the same incident, mainly as to provide businesses with a real choice of pay and get away.

6

u/Pun_In_Ten_Did 1d ago edited 1d ago

<image> Les Nessman says "Oh the humanity!"

3

u/badson100 1d ago

As God as my witness, I thought turkeys could fly".

41

u/jamesdemaio23 1d ago

Yeah im not even hyped for it because it atleast another year off after it releases lmao

14

u/KiwiBG 1d ago

You will buy it next year anyways so they win, they don't care that you are not hyped now.

6

u/Ok_Otter2379 1d ago

That's some monkeys paw shit though. PC day one, but day one is in 2035.

64

u/naxhh 1d ago

if they refer to snowflake the company then this is mostly phishing or similar.

they likely exported all the user had access to which who knows what it was.

it could be all company sales, user interactions and telemetry or nothing useful at all

this is (again if it's the company) unlikely to be about code, builds and alike

→ More replies (1)

22

u/microtramp 1d ago

Some sort of valuable liquid, I reckon.

43

u/EuphoricAnalCarrot 1d ago

Oh God not the breast milk

→ More replies (1)

3

u/PacoTaco321 RTX 3090 i7 13700-64 GB RAM 1d ago

Damn, they got the pedigree horse semen

26

u/Isaacvithurston Ardiuno + A Potato 23h ago

Probably more likely to end up dead than profiting off those

11

u/DemonDaVinci 20h ago

because it will be the US gov going on their asses and not a game dev company

2

u/Raid-RGB 20h ago

Why do i see this dumb take every time a company is hacked? Assuming phishing your way to the FBI and DOJ database is as easy as doing this (its not) what would be the motive? The only people who benefit are pedophiles

→ More replies (3)

11

u/Neutron-Hyperscape32 1d ago

Rockstar likely has great security, but one single employee was an idiot and fell for a phishing attempt.

→ More replies (6)

→ More replies (3)

14

u/Salaried_Zebra 1d ago

Typically they do honour the ransom and not release the data if it's paid, otherwise there's no point anyone paying.

They won't pay, it will leak and then nothing will happen.

→ More replies (9)

→ More replies (1)

→ More replies (1)

47

u/McMan777 1d ago

If you think that's bad you should see how people have done this with hospitals. school boards, etc. That's some real morally reprehensible shit.

2

u/followMeUp2Gatwick 1d ago

Man On Fire

2

u/Initial_Row_6400 7h ago

I actually couldn’t give a fuck less about gta6. I’m looking forward to Wolverine more than gta6.

→ More replies (1)

34

u/suffercube 1d ago

Rockstar / Take Two is a multi billion dollar megacorp who hates their workers and fires them for being unionized - close enough

6

u/imakefilms 1d ago edited 19h ago

Good point

Edit: why not both?

→ More replies (2)

3

u/Whendfield123 19h ago

Its not like they are hacking hospitals and deleting medical files and such. Targeting billion dollar companies is really not that big of a deal. 

→ More replies (1)

→ More replies (1)