Void Interactive, the Ireland-based indie game developer behind Ready or Not, fell victim to massive data breach with over 4TB of data stolen consisting of over 2.1 million files in total.
Ready or Not is a tactical, first-person shooter taking place in a contemporary modern and involves SWAT team operations. While reports circulating about the data breach, no particular threat actor was mentioned, however, the incident did occurred in March 2024.
Void Interactive confirmed the data breach to Insider Gaming while stating that “no user or staff-related information has been leaked, and our development assets and proprietary code remain intact.” In response to the breach, Void Interactive seems to be conducting an on-going investigation to understand the full-extent of the intrusion.
Void Interactive Data Breach Linked to TeamCity Cloud Vulnerabilities
The data was stated to include the entire Ready or Not PC source code. It also includes data from performance benchmark tests and development builds for console versions of Ready or Not, for the Xbox One, Xbox Series X|S, and PlayStation 5 platforms. Purported images of the PS4 build of the game running on a PlayStation 4 test kit was also revealed in the leak, as reported by Insider Gaming.
In another report from Kotaku, a representative from Void Interactive stated that the hack was a result of “critical vulnerabilities” present in TeamCity’s cloud service component for build-management. The game developer added that the hackers obtained access to certain source code and screenshots involving an upcoming project.
The Void Interactives spokesperson further claimed that no user-related data had been breached, as they ‘do not capture any personal user information in the first place’. The developer again confirmed that some source code & directory information had been stolen as a part of the attack.
However, development assets and proprietary code were not part of the breach. Void Interactive pointed the attack as being ‘limited to the TeamCity services interface.’ The Cyber Express has reached out to Void Interactive requesting information about the on-going investigation.
While Kotaku and Insider Gaming seem to refuse to directly name the hacker group responsible, it is worth noting that around the same time the incident was stated to occur, a reddit user by the username “DrinkMoreCodeMore” claimed to have noticed the d0nutleaks ransomware group listing Void Interactive as a victim on its data leak site.
Data Breaches, Source-Code Leaks, and Hacks Plague Gaming Industry
The gaming industry has been rife with data breach and hacking incidents affecting both prominent studios and smaller development teams. Last month in March, the Apex Legends North American Finals had been postponed after two professional players had been hacked to provide ‘aimbots’ and ‘wallhacks’ mid-tournament.
In December 2023, prominent game developers Insomaniac Games and RockStar Games suffered massive data breach attacks. The Ryhsida ransomware gang leaked 1.67 TB (1.3 million files) of data from Insomniac Games, while another group leaked two files— a 4 GB file and a 200 GB File from Rockstar Games.
The smaller file mostly contained code, while the bigger one contained 3D models and assets. The leaked data included data of at least 1158 of Rockstar employees.
The recent series of data breaches serves as a stark reminder that as developers continue to innovate and push boundaries in gaming, protecting intellectual property and sensitive data must remain a top priority in order to provide a secure environment for creators and players alike.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
