How Hackers Could Have Accessed The Last of Us Part 2 Materials
Hackers appear to have hacked older games to gain access to the servers.
The Last of Us Part 2 has been doing the rounds online after the game’s major plot points had been leaked. Rumors had started floating around indicating that the leaks came from a disgruntled employee at Naughty Dog, which later grew to become possibly more than one disgruntled employee. These rumors were mostly believed due to the conversation surrounding crunch and working conditions at the studio in the past.
It was announced that it was in fact, hackers that leaked the scenes, but how could they get into the studio’s servers to do so in the first place? Kotaku and a Twitter thread detail what likely happened and how hackers gained access to the Naughty Dog servers. The following contains a lot of technical terminologies that may make your eyes narrow. Additionally, this post contains mentions of the leaks but does not go into detail about the content of the leaks.
Twitter user, PixelButts explains through a thread how every Naughty Dog game has a “final” patch which also contains an Amazon AWS key. This can be paired with a secret bucket ID to give the user access to the server’s contents. Apparently, PixelButts was told this vulnerability was discovered sometime in January 2020. The hackers took advantage of this, saving all dev content related to previous Naughty Dog games.
This vulnerability was discovered recently and some hackers took full advantage of it, saving TLOU1, UC3, and other dev stuff.
At the time, it was disclosed to me around early February, and was very early on so ~January 2020 it was discovered
— PixelButts (@PixelButts) May 3, 2020
Speaking to Kotaku through DMs, PixelButts clarifies that, “The UC3 [Uncharted 3] key got them UC3 development material, and UC2’s key did the same, but there was some TLOU1 content mixed into UC3’s server, It wasn’t too much of a stretch to think TLOU1’s server would have TLOU2 material.”
Around March 2020, apparently 1-3TB of keys and data had been saved. By the time the leaks made their way online last month, PixelButts states that the timestamps on the leaked footage match the dates that the vulnerability was discovered. PixelButts states that a source told them that after the leaks went live, Naughty Dog changed the keys, meaning that no other keys will now work.
Come may 30th, late at night, the source that disclosed this to me stated that the key had changed so ND for sure knew how to resolve this issue, and no keys work with the bucket IDs now.
This is good but theres more
— PixelButts (@PixelButts) May 3, 2020
PixelButts clarifies that the source speaking to them had no involvement in the leaks, but they and their circle shared information about the vulnerability and that led to another party making use of this information and thus, leaking the material.
Jason Schreier took to Twitter on May 3 who says he had spoken with two people who had direct knowledge of how The Last of Us Part 2 was leaked. He explains that hackers used the vulnerability that was described by PixelButts to gain access to older Naughty Dog games which gained them access to the servers.
OK: After talking to two people with direct knowledge of how TLOU2 leaked as well as some Naughty Dog employees, I have a good idea of what happened. Short version: hackers found a security vulnerability in a patch for an older ND game and used it to get access to ND’s servers.
— Jason Schreier (@jasonschreier) May 3, 2020
While both Jason and PixelButts reference the security vulnerability patch, and PixelButts mentions that “dates from discovery and disclosure match with timestamps in the footage as well.” However, some users have posted screenshots of the footage showing a timestamp reading, “Wednesday 4, @April 1 2020, 22:29:53”. And as someone who has watched The Last of Us Part 2 leaked footage for a better understanding, these are true.
However, I’m under the impression that the vulnerability was accessible to the hackers for a long time and additional material was downloaded in early April which is why some footage contains earlier timestamps. After all, PixelButts claims the keys were made redundant on April 30 (Their tweet states May 30, but I think that’s just a typo.)
Despite all this, Sony claims to have found the persons responsible for the leak. Content is still being posted online so it’s still not entirely safe if you’re avoiding spoilers, however, videos are being pulled down on various social channels with copyright notices.
People are still clinging to the story that the leaks were from employees at Naughty Dog, some even claiming it was a contractor who was robbed of pay. Schreier claims to know that Naughty Dog “actually extended pay and healthcare benefits for contractors due to covid”.
The Last of Us Part 2 is due to be arriving exclusively for PS4 in June.