Police in the City of London arrested a 17-year-old from Oxfordshire under the suspicion that he’s responsible for the hacks of Rockstar Games GTA VI and Uber, sources close to the investigation claim.
In the course of just one week, a hacker managed to compromise Uber’s internal infrastructure and Rockstar Games’ systems. At first, the two incidents seemed unconnected, but the hacker who stole GTA VI footage and source code bragged about breaking into Uber as well.
The initial report regarding the arrest did not mention the accusations, just that the arrest is part of the UK’s National Cyber Crime Unit investigation. No official information is available as of yet, but sources close to the investigation revealed to The Desk that the teenager was arrested in connection with the Rockstar Games breach.
The Uber hacker managed to access several other employee accounts, gaining elevated permissions to several tools, including G-Suite and Slack.
“We believe that this attacker (or attackers) are affiliated with a hacking group called Lapsus$, which has been increasingly active over the last year or so,” said Uber in a press release.
“This group typically uses similar techniques to target technology companies, and in 2022 alone has breached Microsoft, Cisco, Samsung, Nvidia and Okta, among others. There are also reports over the weekend that this same actor breached video game maker Rockstar Games. We are in close coordination with the FBI and US Department of Justice on this matter and will continue to support their efforts,” they added.
While Rockstar Games said nothing when the first reports about the hack surfaced, they eventually admitted that their systems had been breached and that criminals stole GTA V and GTA VI source code, along with production footage of GTA VI.
According to the initial reports, the hacker even tried to blackmail Rockstar Games, threatening to release the GTA VI source code into the wild.
The investigation is still ongoing, and it will likely take time to confirm if the same hacker is really behind both breaches and if Lapsus$ is the group responsible.