Updated December 24th, 2023 at 19:48 IST

Rockstar Games reveals $5 million cost and hours of staff time in GTA VI leak recovery

Kurtaj, responsible for the GTA 6 leak, was sentenced to indefinite custody at a secure hospital due to his alleged "acute autism."

Reported by: Business Desk
GTA VI leak | Image:Rockstar Games

In a recent court statement, Rockstar Games disclosed that the infamous Grand Theft Auto VI (GTA VI) leak from last year cost the company a staggering $5 million in recovery expenses, along with "thousands of hours' worth of staff time." Arion Kurtaj, an 18-year-old hacker and member of the international hacking group Lapsus$, faced sentencing for his involvement in the breach.

Kurtaj, responsible for the GTA VI leak, was sentenced to indefinite custody at a secure hospital due to his alleged "acute autism," rendering him unfit to stand trial. The hacker, part of Lapsus$, had targeted various companies, including Uber, Nvidia, and Rockstar Games. The cumulative damage caused by the hacks was reported to be "nearly $10 million."


During the court proceedings, it was revealed that Kurtaj infiltrated Rockstar Games' company Slack channel using an Amazon Firestick, a hotel TV, and a mobile phone. The breach resulted in the download and subsequent sharing of more than 90 video clips from the in-development game, disclosing critical details about GTA VI, such as its setting in fictionalised Miami (Vice City) and the introduction of a playable female character named Lucia.

Despite the setback caused by the leak, Rockstar Games managed to create significant buzz around GTA VI, with the official trailer amassing over 90 million views within 24 hours of its release. The trailer currently stands at 155 million views, emphasising the enduring anticipation for the game.


Kurtaj's lawyers argued that the leak did not cause extensive harm to Rockstar Games, pointing to the success of the GTA VI trailer. However, the judge disagreed, noting that Kurtaj had caused harm to multiple individuals and companies, expressing a desire to continue hacking.

The sentencing of Kurtaj and another Lapsus$ member coincides with growing concerns about cyber threats targeting the gaming industry. The U.S. Cybersecurity and Infrastructure Security Agency had previously highlighted Lapsus$ in a report, emphasising the group's ability to infiltrate well-defended organisations, often comprising juveniles.


This revelation follows the recent cyberattack on Insomniac Games, the developer of Marvel's Spider-Man 2, where a ransomware group named Rhysida leaked extensive data, including in-development gameplay footage of the highly anticipated game Marvel's Wolverine and personal information of employees and contractors. The incident underscores the increasing vulnerability of gaming studios to cyber threats and the potential repercussions on unreleased projects.



Published December 24th, 2023 at 19:48 IST