SafePay ransomware zeroes in on smaller organisations
Leak-site analysis shows SafePay ransomware overwhelmingly targets small and mid-sized firms, especially service providers in tightly regulated regions where data exposure raises pressure.
Afternoon on the twenty-third of March, somewhere in Aspertia City
They were starting to feel itchy.
It'd been a few days since they got to Aspertia, and so far it felt- chaotic at best. There'd been a lot of running around and back and forth all across the city like a trio of headless torchic, following whatever checklist Sasha had of where they could find things.
Their leg bounced restlessly against the tile floor as they were half-burying their face in their jacket. From where they were sat on a ledge by the window, they could see Sasha and Caleb talking to the poor desk attendant.
Thimble chattered at their ear, nudging their face with its little nubs. Reaching up, they grabbed it out of their hood and held it in their arms, while it kept nudging them. It could probably sense their nerves.
They could hear the cousins doing their "polite interrogation", and knew if they didn't get what they needed, they'd just take it.
Cory had helped with that a couple times now, (the "innocent lost kid with a cute sewaddle" thing worked almost better than it had in Driftveil), and it- arc why were they doing this?
And more than that, it'd been- a lot. Running here and there and there and here and talking to that guy and this guy so much here there and everywhere and- okay maybe it was starting to wear on them a bit.
They dug their nails into their sleeves.
It felt like their nerves were durants crawling under their skin.
All this work, all this running around- what were they even after? (The guy, duh, obviously, but what then?)
She'd just said "We'll take care of it."
Across the room, Sasha and Caleb had left the counter, and were walking back towards the door, gesturing for them to go.
Biting their tongue, they got up and followed, one hand on their phone.
Why do you keep doing this? Just- No. They needed to know.
File: a video file from CoryPhone43bJ
Recorded: 7:08pm, 23/3/2025
[ The view appears pointed mostly towards the ground, shaking from walking. The light was low, and the area appeared to be a backlot of some sort, or an alley.
Cory's shoes were visible in frame, and the audio was largely crunching footsteps on gravel and low conversation ahead of them.
It continued on like that for a minute or so, Cory walking behind the other two, until they stopped dead.
"What is-"
They seemed to almost choke on their own voice and stop, as the footsteps ceased entirely.
"Hm?"
The second voice was Sasha's.
The camera shook as Cory's hands did, and they audibly took a breath.
"I'm just- Why? Why all this? That's- That's the one thing you've never said."
The response had an air of dismissal. "We're finding Nelson, we've said this half a dozen times already."
"No but that's not a why-"
"Cory, drop it. We have to focus right now."
They took a step forward, moving Sasha and Caleb into frame, the latter had her eyes narrowed and the former stood a few feet away, beginning to look nervous.
"No. No, I won't. What is all this even for?"
Fidgeting with their hands, Caleb spoke up, ending up gesturing with an arm almost to separate the two.
"We- We're looking for answers. That- he's the only one who would know. That's- that's what this-this is for."
The view shook when Cory snapped, "We've been running around like- like crazy people! Are whatever those answers are even worth this!?"
"Yes. We've put all this work in for a reason."
Sasha retorted, starting to become visibly agitated.
"I don't think that's true! If- There would have to be an easier way than this!"
Their voice was shaking, but it appeared they tried to keep it level.
There was blur in the frame as Sasha gestured quickly, her voice sharp, and bleeding with emotion. "After what he did, anything is worth this!"
They froze for a moment, jolting back. "Wait- answers my ass, Sasha! That's taurosshit!"
She rolled her eyes, sneering.
By now, Cory was shouting. "What- What's even the plan when we do find him?! You haven't said that! And- how could you even get answers out of him?!"
The response was sharp. "We'll take care of it."
"That means nothing! That's all you've said! What are you even gonna do?! You don't wanna turn him into the cops! And- I know you wouldn't kill him."
She visibly stalled, eyes wide, for a moment, before she took a step forward, fists clenching.
"You don't know the HALF of this, Cory!" Sasha began to shout. "You think yourself SO mature, when you don't even understand the slightest bit of how important this is! But NO, YOU INSISTED ON COMING ALONG! And now you're spewing THIS!"
It wasn't anger, so much as pained desperation. Her voice broke, tears pricking at her eyes, and she gestured wildly.
Suddenly, her eyes snapped towards their hands, "Were you fucking recording this?!"
The view shook violently as she knocked the phone out of their hands and to the ground. The angle was awkward to see how it transpired, but their forms were still visible, as Sasha kept screaming.
"You should've just- kept your mouth shut! But you couldn't do something THAT FUCKING SIMPLE!"
It all went dead, and Cory was frozen, visibly curled in on themself, eyes wide with terror, having taken a step back from where Sasha was towering over them.
The only audio was their hitched, panicked breaths.
It stayed like that for several seconds, before Sasha's eyes went wide, and she jerked back.
She glanced frantically around the scene and at Cory, her expression filling with guilt, before she turned on her heel, and ran away.
"SASH! WAIT-!"
Caleb's voice rang out from offscreen, but it faded after a moment. They appeared in frame, bending down and attempting to comfort Cory, speaking in hushed apologies.
After a moment, they looked back up in the direction Sasha disappeared, eyes filled with shock and concern.
ChatGPT API Keys Exposed Across GitHub and Public Sites
Over 5,000 GitHub repos and 3,000 websites leaked ChatGPT API keys, enabling attackers to abuse AI services for inference, scams, and potential billing fraud.
Rockstar Games Targeted by ShinyHunters: The Danger of Cloud Data Exfiltration
The gaming industry is currently weathering a storm of high-profile security breaches, with one of the most notorious threat actors, ShinyHunters, leading a coordinated "pay or leak" extortion campaign. Among the primary targets is Rockstar Games, the titan behind the Grand Theft Auto series, which has fallen victim to a sophisticated data exfiltration attack targeting its cloud infrastructure.
The BigQuery Breach
Unlike traditional server hacks, the attack on Rockstar Games specifically targeted Google BigQuery instances. BigQuery is a serverless data warehouse used for massive-scale data analysis and business intelligence. By compromising these instances, attackers were able to bypass traditional perimeter defenses and exfiltrate structured data directly from the cloud backend.
This method of attack is particularly dangerous because it suggests a compromise of high-level service accounts or API keys, allowing the attackers to query and export vast amounts of data without triggering traditional "intrusion" alarms associated with file-system access.
The ShinyHunters Modus Operandi
The group responsible, ShinyHunters, has pivoted from simple data theft to a sophisticated "pay or leak" business model. Their strategy typically follows a specific pattern:
- Targeted Exfiltration: Using specialized tools to target cloud databases (like BigQuery) or third-party analytics platforms.
- Proof of Possession: Leaking a small, high-impact sample of the data to prove the breach is real.
- Extortion: Demanding significant cryptocurrency payments in exchange for the deletion of the data and a promise not to leak the rest.
- Public Exposure: If the company refuses to pay, the data is sold on hacking forums or released publicly to maximize reputational damage.
Broader Context: The Gaming Security Crisis
The attack on Rockstar is not an isolated event. It is part of a wider trend where gaming companies are being targeted not just for their intellectual property (like source code), but for their massive datasets of user behavior, financial transactions, and internal corporate communications.
From the recent 155GB Forza Horizon 6 leak to the NVIDIA GFN.AM breach, the industry is seeing a convergence of three distinct threats: configuration errors in distribution (Steam preloads), regional partner vulnerabilities (GFN.AM), and direct cloud-infrastructure attacks (BigQuery).
Strategic Lessons for Cloud Infrastructure
The Rockstar incident serves as a critical lesson in cloud security management:
- Principle of Least Privilege (PoLP): Service accounts used for BigQuery should have the absolute minimum permissions required. "Administrative" keys should never be stored in environments where they can be easily leaked.
- Monitoring and Alerting: Organizations must implement anomaly detection for data export. A sudden, massive export of data from a BigQuery instance should trigger an immediate high-severity alert.
- API Key Rotation: Frequent rotation of cloud API keys and the use of short-lived credentials (like IAM roles) significantly reduces the window of opportunity for attackers.
- Cloud Posture Management: Regular audits of cloud permissions and public access settings are mandatory in an era of "shadow" cloud instances.
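The export-anomaly alerting described in the "Monitoring and Alerting" item can be sketched as follows. This is an added example, not code from the article or from Google; the record fields, the approved bucket prefix and the 10x threshold are assumptions chosen for illustration, and the records are a simplified stand-in for BigQuery job audit data.

```python
from collections import defaultdict
from statistics import median

# Assumed policy values for this example.
ALLOWED_DEST_PREFIXES = ("gs://corp-exports/",)  # approved export bucket(s)
SPIKE_FACTOR = 10  # alert when an export exceeds 10x the principal's median
GB = 10**9

def build_baseline(history):
    """Median export size per principal over a trailing window of jobs."""
    sizes = defaultdict(list)
    for job in history:
        if job["type"] == "EXTRACT":
            sizes[job["principal"]].append(job["bytes"])
    return {principal: median(vals) for principal, vals in sizes.items()}

def find_export_alerts(jobs, baseline):
    """Return (principal, destination, reasons) for each suspicious export."""
    alerts = []
    for job in jobs:
        if job["type"] != "EXTRACT":
            continue  # only export jobs move data out of the warehouse
        reasons = []
        if not job["dest"].startswith(ALLOWED_DEST_PREFIXES):
            reasons.append("destination not on allow-list")
        typical = baseline.get(job["principal"])
        if typical is None:
            reasons.append("principal has no export baseline")
        elif job["bytes"] > SPIKE_FACTOR * typical:
            reasons.append("volume spike")
        if reasons:
            alerts.append((job["principal"], job["dest"], reasons))
    return alerts

# Constructed sample records (simplified; field names are assumptions,
# not the exact audit-log schema).
HISTORY = [
    {"principal": "etl@corp.example", "type": "EXTRACT", "bytes": 2 * GB, "dest": "gs://corp-exports/d1"},
    {"principal": "etl@corp.example", "type": "EXTRACT", "bytes": 3 * GB, "dest": "gs://corp-exports/d2"},
    {"principal": "etl@corp.example", "type": "EXTRACT", "bytes": 2 * GB, "dest": "gs://corp-exports/d3"},
    {"principal": "bi@corp.example", "type": "QUERY", "bytes": 50 * GB, "dest": ""},
]
TODAY = [
    {"principal": "etl@corp.example", "type": "EXTRACT", "bytes": 2 * GB, "dest": "gs://corp-exports/d4"},
    {"principal": "etl@corp.example", "type": "EXTRACT", "bytes": 400 * GB, "dest": "gs://corp-exports/d5"},
    {"principal": "bi@corp.example", "type": "EXTRACT", "bytes": 1 * GB, "dest": "gs://other-bucket/x"},
]
```

Calling `find_export_alerts(TODAY, build_baseline(HISTORY))` flags the 400 GB export and the export by a principal that has never exported before, while the routine 2 GB job passes.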
Reflection
When a company as large as Rockstar Games is hit, it's a reminder that no amount of budget guarantees absolute security. The shift toward "data-centric" attacks—where the target isn't the server, but the database—means that security must move beyond the firewall and directly into the data layer.
The "pay or leak" model is an evolving form of digital kidnapping. As these groups become more professional and their tools more specialized, the gaming industry must move toward a "Zero Trust" architecture, where no user, service, or partner is trusted by default, regardless of their location in the network.
Google Cloud Logging Leak Exposes BigQuery Data Across Tenants
A flaw in Google Cloud Logging allowed crafted Log Analytics URLs to exfiltrate cross-tenant BigQuery data, executing SQL queries with victim permissions until Google enforced manual execution and safety warnings.
MongoDB Flaw Actively Leaked Sensitive Data in Federal Systems
A serious MongoDB vulnerability has been exploited to siphon credentials and internal data, forcing US federal agencies to confront widespread exposure across internet-facing databases.
Researchers uncover major ChatGPT flaws risking user data exposure
Security experts revealed seven ChatGPT vulnerabilities that let attackers steal private user data and manipulate AI responses through hidden prompt injections and memory hacks.