Teenager Allegedly Responsible For Massive Uber Data Breach

A 17-year-old teenager is allegedly responsible for both Uber and Rockstar Games' recent data breach.

By Gabriella Acuna | Published

This article is more than 2 years old

Two well-known companies are the latest to have fallen victim to online hackers. The data breach at Uber and video game development company Rockstar Games was allegedly carried out by a 17-year-old from Oxfordshire. On September 22nd, the City of London police arrested the teenager on several charges including conspiracy to attack two different computer systems

User “teapotuberhacker” of the GTA Forums leaked 90 videos of gameplay animation from the new and unreleased Grand Theft Auto VI. The user posted more than 50 hours of footage illegally onto the forums. The animations included previously unconfirmed features that gamers had only speculated would appear in the upcoming release.

In the footage, there appeared to be a first-ever female single-player character. Another seemingly updated detail includes the setting where the game generally takes place, in Vice City. The leaked GTA VI footage reveals a much more modern version of Vice City.    

The teenager threatened to release the source code for GTA V and GTA VI and demanded that Rockstar Games pay him to return the code he originally stole. The company knew that releasing the code to the public would prove to be detrimental to the future of its data security. GTA V and GTA VI would be exposed and at risk for hackers to infiltrate. 

Rockstar Games confirmed the attack by posting about the incident on social media. “We are extremely disappointed to have any details of our next game shared with you all in this way,” tweeted the company from its official Twitter account on September 19th. The company was quick to reassure audiences that the intrusion wouldn’t affect any of their ongoing or upcoming projects. 

uber microsoft macos user privacy

The hacker was also responsible for a recent Uber data breach on September 15th. Using an Uber contractor’s credentials, the 17-year-old was able to login after several failed attempts. The alleged perpetrator is thought to have purchased an Uber contractor’s login information off of the dark web

The teenager gained access to multiple employee accounts across different platforms, including Slack. Teapotuberhacker first logged into Slack, a messaging application used primarily by organizations to communicate with each other through text, audio, and video. He found a company-wide channel and proceeded to post a message. 

He then hacked into some of Uber’s internal sites and altered their code to display a graphic image to employees. In response to the security event, Uber promptly took action. They reset employee passwords that were compromised, disabled an array of internal tools, reset access to internal services, and locked their codebase.

“Laspus$,” a group of hackers that have claimed responsibility for other attacks on companies such as Cisco and Microsoft, has been actively attempting to hack large corporations since 2021. Authorities believe that the 17-year-old may be part of the “Laspus$” group. The group uses hacking strategies that are similar to the one that the hacker used to attack Uber and Rockstar Games.

Both companies, headquartered in the U.S., are working in conjunction with the FBI and US Department of Justice as they continue to investigate. Authorities in the UK haven’t provided further information. The hacker is still in police custody.