Cyber Incident Victim: Naughty Dog
Date:
Jan 2020
Location:
United States of America
Summary
A security flaw in game patches from Naughty Dog exposed Amazon S3 buckets containing unreleased content for an upcoming title, enabling unauthorized access to development assets. Hackers exploited embedded AWS keys in the patches to extract over 1TB of data, including spoiler footage that was subsequently leaked online. The vulnerability, discovered months prior and reported to the developer, originated from multiplayer servers for an older game that also housed material from the new project. Initial actors accessed the servers but did not leak the content; third parties who obtained the data later disseminated it publicly. The developer remediated the access vector shortly after the leak occurred, and investigators identified the primary leakers as unaffiliated with the organization.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early 2020, a security vulnerability in game patches developed by Naughty Dog enabled unauthorized access to the company’s Amazon S3 cloud storage buckets. The flaw involved the inclusion of an Amazon Web Services (AWS) key within final patches for older games, including Uncharted 3. Each game’s patch contained a unique key granting full access to its corresponding S3 bucket. According to a game tester known as PixelButts, this vulnerability was discovered by external actors in January 2020. PixelButts learned of the issue in early February and disclosed it to Naughty Dog that same month. Hackers exploited the flaw to access servers used for Uncharted’s multiplayer functionality, which also housed development assets from *The Last of Us Part II* (TLoU2). By March, attackers had extracted at least 1TB of data, including unreleased content from the upcoming game. The compromised material included spoiler-filled footage and developer code, which began circulating online in late April 2020. Initial speculation suggested a disgruntled former employee was responsible, but PixelButts clarified that the individuals who discovered the flaw were separate from those who leaked the content.
The leaked footage spread rapidly across gaming forums and social media, prompting widespread discussion about its authenticity and impact on the game’s scheduled release. On April 27, Naughty Dog issued a public statement urging fans to avoid spoilers and await the official launch. Sony Interactive Entertainment (SIE) later confirmed to Polygon that the primary leakers were unrelated to Naughty Dog or SIE. Evidence indicated the AWS access had been revoked by April 30, suggesting remediation efforts were underway. Former Kotaku editor Jason Schreier corroborated the breach’s origins, citing sources with direct knowledge of the incident. The leak exposed developmental materials for TLoU2 as well as legacy content from *The Last of Us Part I*, which had been stored alongside Uncharted 3 assets. While the initial hackers reportedly avoided leaking the data themselves, secondary actors disseminated the stolen content. Naughty Dog emphasized that the final game experience would remain uncompromised despite the premature disclosure.