Patch vulnerability reportedly led to The Last of Us Part II leak

Patch vulnerability reportedly led to The Last of Us Part II leak 1
In a nutshell: Sony says that it was someone outside of SIE or Naughty Dog leaked the TLoU2 spoiler footage last week, but would not elaborate. Multiple sources claim the assets were obtained through a security vulnerability coded into older ND games patches. Hackers dumping the code allegedly found AWS passwords to Naughty Dog servers.

Last week, game-ruining spoilers leaked for The Last of Us Part II, including the ending. Rumors were that an angry Naughty Dog employee had posted the game footage. The studio later issued an apology without acknowledging the alleged source of the leak.

On Friday, a Sony spokesperson said the company had “identified” the source of the leak and that it did not originate from within Naughty Dog or Sony Interactive Entertainment.

“SIE has identified the primary individuals responsible for the unauthorized release of TLOU2 assets,” the Sony rep told Polygon. “They are not affiliated with Naughty Dog or SIE. We are unable to comment further because the information is subject to an on-going [sic] investigation.”

Then on Saturday, a Twitter user going by the handle “PixelButts” claimed to know those who did the leaking and revealed how they obtained the footage.

In a series of tweets, PixelButts explained that a hacker group consisting of Naughty Dog enthusiasts had discovered an exploit in January that allowed them to access ND’s AWS servers. It seemed that password information was coded into some of ND’s game patches including Uncharted 3 and The Last of Us. Both games access the servers for online play but also had file fetching functionality. The hackers allegedly used this to steal at least one terabyte of The Last of Us Part II assets.

“Every ND game has a ‘final’ patch that is pushed to the game that contains an Amazon AWS key, that when paired with a secret bucket ID, it will give full access to the server’s contents. There’s a different key and bucket ID per game, this is important,” tweeted PixelButts. “[The hackers] were trying to dump TLOU1 in an effort to get that games key as UC3 had TLOU1 material, so surely TLOU1 had TLOU2?”

On Sunday, former Kotaku editor Jason Schreier tweeted that he had talked to two people with “direct knowledge” of the hack who confirmed this was how the footage obtained. He also spoke with a few Naughty Dog employees who validated the claims.

Neither Sony nor Naughty Dog has officially confirmed these reports, likely because of the ongoing investigation. However, with SIE already admitting it was an outside job, the explanation appears credible. Although, it does seem odd that enthusiasts for the game would leak such damaging spoilers for it. PixelButts claims he does not think someone from the group was responsible.

“I’ve been watching this for about 3 months now, and after speaking to a first hand source of this, my only conclusion is they (and their immediate circle) did not leak it, but shared information relating to what I described, and another party proceeded to leak such material,” he tweeted.

PixelButt believes someone else became informed of the vulnerability, just as he did, and used the exploit to grab and expose the spoiler footage. Of course, until Sony concludes its investigation and releases more information, this is just speculatory.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews



Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Millions in Cryptocurrency Stolen by Scammers in the Last Month According to Tenable Research
November 24, 2021
Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021

Blockchain/Cryptocurrency Questions and Answers

Crypto casinos
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
Cryptocurrency
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
Ethereum
The Unconventional Guide to Ethereum
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin58,346 0.23 % 1.93 % 3.47 %
Ethereum4,669.0 1.14 % 7.42 % 13.85 %
Binance Coin627.16 0.38 % 0.83 % 12.00 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana214.48 0.36 % 2.80 % 0.89 %
Cardano1.610 0.68 % 1.69 % 9.63 %
XRP1.020 0.87 % 4.21 % 1.70 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
USD Coin1.000 0.14 % 0.20 % 0.17 %
Dogecoin0.2215 0.68 % 1.42 % 7.23 %

bitcoin
Bitcoin (BTC) $ 58,556.00
ethereum
Ethereum (ETH) $ 4,668.67
binance-coin
Binance Coin (BNB) $ 628.98
tether
Tether (USDT) $ 1.00
solana
Solana (SOL) $ 215.54
cardano
Cardano (ADA) $ 1.61
xrp
XRP (XRP) $ 1.02
polkadot
Polkadot (DOT) $ 37.80
usd-coin
USD Coin (USDC) $ 1.00
dogecoin
Dogecoin (DOGE) $ 0.222198