
Hackers still have access to R*: they stole my crew and deleted my account even though I had two-step verification on it


MCbcMC2005


Hi,

as you all know, there was a huge leak of footage from the upcoming GTA game. The young man responsible for this is, apparently, in police custody. This whole sh*tshow has shown us that information security is probably not of the highest concern to Rockstar and T2 (see the 2K hack which happened shortly after the GTA6 leaks).

However, this is not the only problem at hand with Rockstar's games and services in general, and YOU should be worried too, because YOUR accounts may be compromised in a matter of minutes, and you can't do anything to protect yourself (except for not giving any of your data to Rockstar).

 

Now here's the story: for the last few years I have been the leader of a crew named "Instytut Lorenca". A crew like any other, but what made it special was its two-character crew tag - "IL". As of now it is probably the only crew on Social Club with a two-character tag. Over time I have received many sale offers or inquiries about this crew, which I have ignored or dismissed, because the crew was not for sale. Apparently, someone - most likely a group of hackers - has decided to use a bit less legal means to take it over.

 


 

At the beginning of September I received an e-mail from Social Club that my e-mail address assigned to the SC account with leadership privileges for the IL crew had been changed. Unfortunately, I noticed it only yesterday. An unknown perpetrator has ceded the leadership privileges of the crew to himself, and changed the description of my account. The first thing I did when I noticed the hack was to contact Rockstar Support to get both my account and the crew back. As you could probably guess, they weren't particularly helpful. I thoroughly described the problem to them and gave them all the information they could possibly need to verify my ownership of the account - their first response was to ask precisely for the same data I had provided in the initial message.

 

My access to the account was restored, and I have changed the password and set up 2-factor authentication. Unfortunately, the support guy completely ignored my request to restore my leadership privileges over the IL crew. 

 

So I decided to make another ticket to deal with the crew issue specifically. However, before I received an answer, the account was compromised AGAIN, as I received an e-mail about my 2FA being disabled. The account was most likely wiped out of existence - we could not find it by means available to us.

 

Usually, if you want to delete your account from RGSC, you must send them a confirmation e-mail from your e-mail address. My address was not hacked, as the only device that was used to gain access to it, was my own. 

 

Before you may ask - my PC or phone show no signs of being compromised. Besides, I have used a different device to change the SC account's data. I am an IT employee so I have at least some minimal knowledge about IT security. 

 

Rockstar Support seems to ignore the issue and to me it is very likely that there are still some major security holes in their systems which allow anyone to take over any account and delete it. Just like that. And Rockstar will do nothing.

 

This is a major threat to everyone who wants to use Social Club. Security at Rockstar is laughable, not to mention their support. Not to mention the possible user data leaks - including yours.

 

TL;DR: my crew has been stolen by hackers and my account deleted despite any security measures an end user could take


How do you know they didn't have access to your email? Maybe they intentionally didn't change the details so they can further abuse it. Which as it seems was a useful move. Regardless try moving your case to upper tiers of support/use only live chat. Even if your acc is deleted, they do have backups months back.

Edited by ambi3nt

57 minutes ago, ambi3nt said:

How do you know they didn't have access to your email?

 

I checked redirection and security settings on Gmail, especially account login history. Only my device and my IP were on this account.

If they know my mail password they don't need to change e-mail on social club account.

 

Support has a lot of problems reading messages.... They act like bots.

I sent to support information about my mail, nickname and date of account theft.... in response they asked me about.... mail.... nickname... and the date... the same information that was included in the previous message.

 


On 9/25/2022 at 8:46 PM, MCbcMC2005 said:

TL;DR: my crew has been stolen by hackers and my account deleted despite any security measures an end user could take

During the recent event "eCola vs Sprunk" official R* crews were hacked.

My friend had access to his crew blocked. Whether there was a hack or not is unknown. Nothing has been changed in the gang, he just cannot enter the settings.

So it's a common thing now. Unfortunately. 


On 9/26/2022 at 12:18 PM, ambi3nt said:

Here is a link which allows you to live chat

I took advantage of this option, thanks for the link.


I spoke with someone from support by phone. I presented the situation. The nice gentleman from support said that this is the first time he has seen such a problem - after all, my account was deleted without any authorization and without any request in their system.

He referred the matter higher up, but stipulated that he could not promise that the crew would be returned to me. I may have to wait up to 7 days for a response.

However, something he said about my account is interesting. According to him, the history of the account states that it was set up with an email in the XYZ domain. And this is very interesting because I never used this email... It looks as if the hacker was able to overwrite my account information....

 


What's kind of interesting is if you go to recent notifications of that crew in here https://socialclub.rockstargames.com/crew/instytut_lorenca/hierarchy, you can see how users got demoted by "Rockstar Games" twice to commissioner. Yeah, this could relate to that problem mentioned above, but then the actual user account got deleted simultaneously which is getting rather sussy.


  • 2 weeks later...

Update: R* restored my account, but they cannot (or don't want to) confirm that this crew was mine so my crew is still in hackers' hands :/

Quote

I have restored the deleted account MCbcMC2005. However, we are unable to confirm that you were the original owner of the crew Instytut Lorenca and we will not be able to help you with this.

But on the crew webpage there is information that my account was the leader... Rockstar Support is the most useless part of Rockstar Games company.


They can't read with understanding and are completely unwilling to analyze problems. And the problem is real because it can affect anyone and nothing can be done about it.

I don't know myself anymore what to do to get the crew back and for someone from Rockstar to pay attention at all.

In particular, the account may be there today and tomorrow the hackers will delete it again.

Edited by MCbcMC2005

From my general understanding of the support system, most of the agents responding to you don't work directly for Rockstar. Third-party / outsourced.

 

They are limited in what they can do. The ones who work for and have direct communication with Rockstar are the Administrators. Back in 2015, there were only 3 or 4 of them. Your best bet is for them to notice your report.

 

There are only a few cases where I saw an admin taking over. But once that happened, the actual issue was either resolved quickly or a proper response, addressing what you complain about, was given without having to go back and forth.

Edited by Tez2

My last conversation with Support before someone took care of the problem was by phone. Then I asked questions on what basis my account was deleted when I didn't ask for it. It wasn't until the live call that the agent noticed that there was seriously something wrong here and sent it higher. I waited a very long time for a response from the Tier 3 agent and the account was restored to me, but the crew was not (even though you can see in the system that it belonged to me).

 

I would like to contact someone from R* directly but on their website they have no information on how to get to someone from the security department. I've already lost my crew, how many more crews need to be stolen for someone at R* to address the issue?


interesting how they couldn't solve your problem for 2 weeks but when Tez posted it on twitter it was immediately solved

Edited by ezmegaz68

2 minutes ago, ezmegaz68 said:

interesting how after 2 weeks they immediately solved your problem when Tez posted it on twitter

THEY DID NOT SOLVE MY PROBLEM - my crew is still not assigned to my account


2 minutes ago, MCbcMC2005 said:

THEY DID NOT SOLVE MY PROBLEM - my crew is still not assigned to my account

well they solved some of it

that's already more than you can expect from them unfortunately


Well, this indeed is a strange situation, seems like I thankfully don't have to contact R* support anyway lmao

 

 

 

 


good riddance. and a whole lot of distorted truth /shrug

 

more interesting how they couldn't solve your problem for 2 weeks but when Tez2 posted it removed his previous tweet on twitter it was immediately solved after this was posted 🥵

 

tdlr should have gotten rid for good

cockstar, time to step up your game and confuse 'em clowns 🤣

Edited by gtataeI

those two letters brought a lot of attention to your crew

that's the reason it was particularly your crew hacked

https://gtaforums.com/topic/979683-2-letter-crewtag/

already in january someone was interested in it

if a rockstar employee didn't delete it, then someone else or a group of people, who knows some backdoor to their servers, which is normal, every server system has some backdoor and some people know about it but they do not abuse their knowledge, the problem will be bigger when it will appear on some hacking forum for a bigger audience, including 15-year-old hackers


  • 4 months later...
12 hours ago, MCbcMC2005 said:

My account was stolen again. 2-step verification and a 20+ char password are not safe... again...

Out of curiosity, is the email you are using for SC at the moment the original you've used from the start? This legit seems like some way they got/can get info about those and then phish out info from R* "support" idiots. After all 2FA can also be disabled via email. This could go to the extent where they even change some symbols for it to look alike lmao.


10 minutes ago, MCbcMC2005 said:

@ambi3nt I thought so too, but they also gained access to Rockstar's team. Official. To which only studio employees have access.

https://socialclub.rockstargames.com/crew/Rockstar_Games

 


they seem to have had access for a while now, a lot longer than these posts have been around, there's hierarchy changes that go back 2 months at least, and could go back further that it just isn't showing



That crew is (was) actually only used for the R* public community streams back then, as internal developer accounts all reside in private, developer versions of the Social Club (dev.xxx.rockstargames.com). Although whoever is perusing these exploits may have access to that crew, all they'll see is public community manager accounts, public-side generic dev accounts used in multiplayer matches since the 2010's (e.g. MaxPayneDevX but those accounts don't have special permissions or dev access) and other community members' accounts, however if they do have access they'll certainly try and sell that access.

 

After talking to some people and digging this seems to be one of these weird account/rank/crew selling groups, but exactly what is being exploited here is unknown, and it may not be actual account hacking but access/manipulation via other avenues such as Support agents. Some of the accounts that have posted in the R* official wall are very new as well (large Rockstar ID's), and they all have names that would have been registered by other people many years ago, so whatever is happening here seems organised and they seem to be hijacking names.

 

These seem to be the same people behind other similar exploits last year and even previous year - based on that list above it looks like they had access before but someone couldn't shut their trap for the clout and potential money I guess.


My crew was removed and recreated again by a hacker. Without the "IL" crew tag. I have no access ofc.


Edited by MCbcMC2005

logan-mcgee

for some reason, rockstar still hasnt fixed the crew, and accounts have continued to have been invited it seems:


all these accounts arent that recent, so im presuming for the accounts suffixed with _RSG they managed to get them renamed:
 

Ari_RSG       : 2022-11-03T17:18:10.7  - 2022-11-03T17:18:12.23
Nico_RSG      : 2022-05-22T21:05:54.88 - 2022-05-22T21:05:58.35
Endvelope     : 2022-01-28T11:26:37.8  - 2022-01-28T11:26:40.56
BadsportDunce : 2021-06-01T18:39:17.47 - 2021-06-01T18:39:19.38
Developer     : 2019-02-21T02:21:56.08 - 2019-02-21T02:22:02.99
RSG-Dev       : 2015-10-13T16:43:26.54 - 2015-10-13T16:43:27.75
THATGUY-GOOD  : 2015-09-18T22:22:43.06 - 2015-09-18T22:22:45.64

 

Edited by logan-mcgee

BakeWithMe1000

I wonder why there is so little attention to this issue? It seems like the hackers only did a few crews that were special like the Rockstar one and deleted it now


Spider-Vice

The R* crew was deleted by themselves. No one in that crew had access to deleting it unlike the IL crew, not even the Rockstar CM's had Leader status as it was a special "system crew". It's not like R* has been using it anyway, it was merely for stream get-togethers.

 

All the "hackers" could do in the R* crew is insert people with Commissioner status or remove them, just for ego points for having a crew tag that says RSG and being alongside the R* CM crew. They couldn't delete that one.


  • 2 weeks later...
On 3/6/2023 at 10:24 AM, logan-mcgee said:

for some reason, rockstar still hasnt fixed the crew, and accounts have continued to have been invited it seems:


all these accounts arent that recent, so im presuming for the accounts suffixed with _RSG they managed to get them renamed:
 

Ari_RSG       : 2022-11-03T17:18:10.7  - 2022-11-03T17:18:12.23
Nico_RSG      : 2022-05-22T21:05:54.88 - 2022-05-22T21:05:58.35
Endvelope     : 2022-01-28T11:26:37.8  - 2022-01-28T11:26:40.56
BadsportDunce : 2021-06-01T18:39:17.47 - 2021-06-01T18:39:19.38
Developer     : 2019-02-21T02:21:56.08 - 2019-02-21T02:22:02.99
RSG-Dev       : 2015-10-13T16:43:26.54 - 2015-10-13T16:43:27.75
THATGUY-GOOD  : 2015-09-18T22:22:43.06 - 2015-09-18T22:22:45.64

 

Hello could you message me, i cant message you, or tell me where i can contact you, i need to ask you something
