(electronic music) - [Falcon] Some people
learn to hack in video games so that they can have an
easier time in the game. Some people do it to make some cashola. Hi, folks, it's Falcon,
and today on Gameranx, 10 hackers who stole from
video game companies. Now, there are a couple of
these we've previously mentioned in other videos, like the
time those hackers mined like $16 million from EA
by hacking the FIFA coins. A publisher allegedly
hacked the Sinking City and changed the source code,
et cetera, that type of stuff. But we actually have
some totally fresh things that we've never talked about, and a few that we've briefly covered or covered in a different context. So without any further ado,
starting off with number 10, a time that this hacker bribed his way into a bunch of "Roblox" accounts. So this was, I mean, maybe
not the most ingenious hack of all time, but a hacker
actually bribed a worker of the "Roblox" company in order to gain access to
the customer support panel, and using this was actually able to get various users' email
addresses, change passwords, turn off two-factor authentication. He was able to ban people. Now, the hacker didn't
do this to be malicious or steal anyone's money or
data, or anything like that. They just wanted to show how easy it was to get into the "Roblox" system. My guess would be that that would mean that's somebody who's actually
in the "Roblox" community or is a fan or user on "Roblox," perhaps even a concerned
parent, who really knows? But that's really what
you have to think about in this type of an incident. "Roblox" is primarily a platform/game that is engaged with minors, and if it's that easy to
get access to their data, that's kind of scary. It also makes me wonder exactly how much they bribed this worker. At number nine, we are gonna talk about the LulzSec 2011
PlayStation Network outage. This was a big event. I remember this clear as day. In fact, there are not a lot
of events like this in gaming, particularly after the dawn of
always online gaming consoles and platforms and stores and all this. This is not even the only time Sony had this problem, either. Do you remember this Christmas one? Oh yeah, we remember the Christmas one, but this was just, you know,
in the middle of nowhere. LulzSec just decided,
"Hey, let's do this." This was big, and I'm pretty sure it's why everybody takes security so specifically
seriously at this point, because if you don't, you may end up shutting down everyone's everything for a long period of time. Specifically, the outage was 23 days. And on top of that, 77 million accounts had their private information
exposed to the hackers. Now, it's not just that
these hackers got into Sony. They totally disrupted
everything about Sony here, and Sony didn't handle it well, either. All in all, it was almost a month that this ordeal went on,
and it was ridiculous. Interestingly enough, it also
resulted in Cody Kretsinger, one of the hackers affiliated
with the group that did it, LulzSec, to be sentenced
to a year in prison due to his involvement in the hack. At number eight, hey, remember
back when the Nintendo Switch was just being speculated about? Remember some hacker
kept leaking information? Well, the hacker who actually
got in and stole stuff from Nintendo was a minor at the time. The FBI got in contact with him, and because he was a minor, they didn't give him any jail
time or anything like that. They just said, "Hey, you gotta promise not to do this anymore." He did promise, but he
did not keep that promise. He kept on hacking, Nintendo specifically, interestingly enough. It seems like they'd be on high alert after you'd successfully
done it, but you know. So he got back in trouble with
the FBI, shockingly enough, and he kept leaking information about the Nintendo Switch console, and other things that Nintendo was doing, and figuring that no
one would notice this. So in 2019, the FBI searched his house, because yeah, that's what happens, and they discovered literally thousands of private Nintendo file stuff that is not available to anyone. And then they also found
about 1,000 instances of child pornography in a folder he labeled "bad stuff,"
which dude, bad stuff? Like this guy seems to understand that what he's doing is
bad, but he keeps doing it, and he doesn't really make a
lot of effort to not get caught between just continually hacking Nintendo and, oh, I don't know,
everything about the rest of it. First off, it's disgusting. Second off, did you not
think of the possibility that an FBI raid could happen? It's both deplorable and really stupid. At number seven is an
event called the Gigaleak, which was just this huge series of leaks where internal Nintendo
data was stolen en masse. This happened during the course of 2020, and was actually kinda quiet
in terms of media coverage, but this was a big thing. A lot of us were paying attention to this. The name Gigaleak primarily
refers to the leak from July 24th, 2020, last year, which was three gigabytes in size. Now, keeping in mind that
a game can be much larger than three gigabytes, but internal like
documents and information? That does not take up
nearly the amount of space that a game does. It's text, some of it's images, but it's a bunch of design stuff, it's contracted work done for Nintendo. It was pretty much unprecedented. There was nothing ever
of this magnitude leaked from a video game company prior to this. I mean, this thing had older
information from like way back in the world, like "Super
Mario World" sprites, including an early Yoshi, where he looked a lot more
like a weird dinosaur. "Yoshi's Island" playable demo stuff, tons of source code to
like games like "Star Fox," "Mario Kart," the official
master ROM database for the entire Nintendo
Entertainment System, the original NES. The whole thing is in this leak. There's tons of like high
resolution manual art from like Zelda games. It's really just fascinating when you start going through it. At number six, this ransomware gang called Egregor got all this Ubisoft and Crytek data, including the source code
to "Watch Dogs: Legion," which by the way, they just leaked online. It was a 558 gigabyte archive, and wow, is that not ironic as hell? You have this game about hacking
and hacking group hacks it, and then publishes the source code? And what Egregor does is actually hold these companies hostage and like make 'em cough up money so that their source code
doesn't get published. So apparently Egregor actually
did this to both Ubisoft and to Crytek, and had like 300 gigabytes of Crytek's data, and they
threatened to release this stuff, but apparently they never
got contacted even at all, by Ubisoft or Crytek. So they just started publishing it. 558 gigabytes. That's a ton. I'm not gonna download that. I don't even care if I want to mess around with the source code of that game. At number five, Capcom
employee data got stolen by Ragnar_Locker, another ransomware gang. This one was potentially
a lot more damaging to the everyday people that do the work of creating these games. You see, it was the personal information of the 16,415 Capcom employees, also about 390,000 customers'
information got leaked, which contradicted what
Capcom initially said about this intrusion. After admitting the extent of what information had been leaked, they also went ahead and said no credit card data had been leaked, but I still don't trust that. Like the hack took
place in November, 2020, and it took 'em like several months to acknowledge it even happened, and then they were like, "Yeah, but no credit card information." I don't think that there's
been a resolution to this, but I don't believe that, sorry. At number four, a security
researcher that used to work for Malwarebytes actually
avoided getting put into jail by pleading guilty to various hacks, including Microsoft and Nintendo servers, which happened in a sequence
where he hacked Microsoft, got in trouble for it,
he was arrested for it. He got bailed out, no
restrictions were placed on his computer usage,
and he just kept hacking. He got caught doing the
exact same thing to Nintendo, and the stuff that he stole
included like source code to unreleased games, lots
of usernames and passwords, and apparently he caused
about 2 million in damage to both Microsoft and Nintendo. At least that's what both
of the companies estimate, 1.8 million for Nintendo,
two million for Microsoft. By pleading guilty, he
was given a five years Serious Crime Prevention Order, where if he gets caught doing anything, he gets five years of
jail time, no matter what. At number three, a moderator
who was playing "RuneScape" actually abused his privileges
to steal gold from players, which is not the same thing
as like a full-fledged hack, but I mean, if you have
employee privileges, and you're a moderator and you're stealing from your customers, and yes,
they actually do spend money with you to get the things
that you're stealing from them, you are kind of doing the
same thing that a hacker does, albeit with some distinct advantages. The police were actually
brought into the situation. It was a pretty serious thing. Like I get the incentive of like an outside hacker from doing this, but like, if you work for the company, why would you do this? Like the reward is
nowhere near like enough. You're going to get in trouble. It's easy to track you. You're an employee. I don't get this one. I don't get why he would do that. Dumb. At number two, if you
remember way back in the day, like 2013-ish, around Christmas time, there would always be
DDoS attacks on like Sony, Steam, EA, all these things, and they'd be brought right the hell down. Well, the guy who did like
the initial round of these and kind of started the trend, a hacker by the name of derptrolling, he actually got 27 months in prison after having been tracked down from doing all of these different attacks on like PlayStation Network, Steam, Xbox Live, EA, Nintendo,
"Quake," "Dota 2," like just got everything. Basically it started a trend, too, where this happened
pretty much every year, and people would say like, "Oh, we're doing it for the LOLs. We're gonna make families spend time with each other on Christmas." We're just like, that's a flimsy excuse. Ya just wanna do it, right? Yes. And finally, at number
one, this was a big one. Back in February, there
was a big ransomware attack on CD Projekt Red, who was in the middle of trying to fix "Cyberpunk." I mean, we all know how
much people had a problem with "Cyberpunk," and
how very little goodwill anyone has for "Cyberpunk"
at this point, even now. This is a few months ago
too when this happened. The ransomware attack
basically locked everybody out of their workstations
for several weeks, and exposed most employees'
private information, including account information, to the point where CD
Projekt Red recommended to all employees that they
like freeze their accounts, which considering they're not
working for several weeks, and on top of that don't
really know what happened, are not in a good position. That is a bad position, in fact. This eventually resulted in four days ago, a bunch of videos of like bug
compilations for comedy's sake that CD Projekt Red had
created about their game, which was buggy, and that was the problem. Oof. Not going well for them. Anyways, that's all for today. Leave us a comment. Let
us know what you think. If you like this video, click like. If you're not subscribed,
now's a great time to do so. We upload brand new videos
every day of the week. Best way to see them
first is a subscription, so click subscribe, don't forget to click
the notification bell, and as always, we thank you very much for watching this video. I'm Falcon, you can follow me
on Twitter at FalconTheHero. We'll see you next time
right here on Gameranx.
