While hordes of fans the world over wait for the release of Grand Theft Auto VI, to return to Vice City for their carjacking, heist-pulling, tank spawning fix, a popular online cheating service called Atlas Menu, used by players for the previous game, has reportedly been hacked.
The service offers players unauthorized cheats and exploits in game, such as invisibility or flying around the map. People who use these cheats to stand atop the mountain over other gamers now risk having their data and identities exposed. In some way, the service must have run afoul of the hacker, who claims revenge against a scammer as motivation for stealing data from over 60,000 accounts and throwing it up on GitHub.
Email addresses, usernames, and even IP addresses were compromised. Fortunately, the passwords were scrambled, backing Atlas Menu’s claim to have “secure authentication and enhanced privacy through our advanced encryption techniques.” So this story, like a car in the game just waiting to be lifted, has a silver lining. Keeping data protected behind a strong layer of encryption renders it useless for the intruder, even when, not if, a breach occurs and the perimeter is compromised. This is precisely the philosophy behind NetLib Security’s Encryptionizer solution: designed to encrypt stored data across all environments – physical, virtual and cloud – with no additional programming required and minimal effect on performance.
This story comes tailgating just behind GTA developer, Rockstar Games, also experiencing a breach at the hands of, who else but ShinyHunters. In April the company revealed the notorious ransomware group had included them among their sprawling list of targets, and were given until April 14 to pay the ransom. Ultimately, Rockstar did not play ball, and the data of almost 80 million records was published online. Like many other companies, Rockstar was breached via third-party data analytics contactor, Anodot, from which the hackers acquired legitimate authentication tokens that they used to gather further tokens from Anodot’s clients, and exfiltrate more and more data.
It is interesting to see the opposing choices different organizations make, when confronted with ransomware demands (usually by ShinyHunters these days, it feels like). Rockstar and Instructure Canvas abstained; pharmaceutical giant Cencora chose otherwise, and paid cybercrime group Dark Angels a sum of $75 million (in bitcoin) following their own major breach. Which is the right response?