Busted: Rockstar Restoring Stolen GTA V Online Accounts

You may have heard whispers, grumbles, and screams from Grand Theft Auto V [official site] players who found naughty strangers had somehow hijacked their Rockstar Games Social Club accounts, changing the password and recovery e-mail address. They were left unable to play online. Rockstar have sworn blind that they haven’t been hacked, rather that the bandits had used logins yoinked for other websites and databases that’d been hacked. Rockstar were slow to respond, but now have a plan to deal with it.

They’ve temporarily disabled the ability to change an account’s e-mail addresses, and say they’re trying to restore already-hacked accounts to their rightful owner within 24 hours.

A note on the Rockstar support site explains:

“We are aware that unauthorized attempts have been made to access Rockstar Games Social Club accounts using email and password combinations sourced from unaffiliated, compromised websites or databases elsewhere on the internet. For the accounts affected, we are in the process of reverting those accounts back to their original owners. As a result, the ability to change email addresses for Social Club accounts has been temporarily disabled … As a reminder, it is a good policy to ensure that the Rockstar Games Social Club account username and password is not shared across multiple websites on the internet. For accounts affected with this issue, we are working to respond to customers to reinstate full user access within 24 hours of contacting Customer Support.”

Really, really do use unique logins for each and every online account. I’d recommending using something like LastPass or KeePass to generate unique, complex passwords and save them.

I have seen a few people say that they lost their accounts despite using a unique password for their Rockstar account, which is curious but doesn’t mean Rockstar were hacked.

17 Comments

  1. Stulander says:

    It’d be nice if they fixed the awful multiplayer issues…

    • FurryLippedSquid says:

      I never had a problem but my nephew couldn’t stay in a session longer than a few minutes. I formatted his PC and it’s been A-OK since. A somewhat drastic solution, no doubt, but it worked.

  2. int says:

    Does this fall under the same category as the guy who streamed his key for everyone to see?

  3. Premium User Badge

    Mungrul says:

    Okay, now I’m worried.

    I was getting the whole “You have been logged out because your account has been signed in at another location” bollocks, even after changing my password the first time I received this error.
    I changed my password again just a couple of days ago and haven’t had this error since.

    Does this mean that if my account really has been fraudulently used by someone else, if they issue a counter claim they’ll end up with my account, even though I’m the legitimate owner?

    I’m still not convinced that Rockstar haven’t been hacked to be honest. I just think they haven’t noticed.
    As mentioned previously, all of my online accounts have different passwords.
    Even after receiving this error once and successfully changing my password, I still got this error.
    When changing my password, even though my email address was listed on my Social Club account as being the contact mail, I received no emails notifying me my password had been changed.

    On top of this, I’m appalled with the security flaws in Social Club accounts.
    Firstly, and this is unacceptable in this day and age, there’s no 2-factor authentication on Social Club accounts.
    Secondly, passwords can only be between 8 to 16 characters long and the list of non-standard characters accepted is ridiculously low.

    Given they have been this incompetent in the past, I can’t honestly trust them not to screw this newest move up completely.

    • Dinjoralo says:

      That error is kind of a catch-all most of the time. It throws that up whenever the game crashes or otherwise exits in a way that isn’t in-game. Try terminating the game’s process (not application) from task manager, it’ll say someone else logged into your account.

  4. Premium User Badge

    Wisq says:

    At the risk of sounding like an advert, I strongly recommend 1Password if you’re running a Mac. Great browser integration, a menubar “mini” version you can leave running, as well as an iOS app. I sync my (encrypted) password repo using Dropbox.

    Other nifty features too, like a way to tell if multiple sites use the same password, which accounts have less-secure passwords, and they even added a compromise feature that tells you which passwords were created before a particular breach (e.g. Heartbleed) on sites that might have been affected by it.

    (It has a Windows version, but there’s no way I’m trusting my Windows gaming box with my password repository, so I can’t speak for it. I copy passwords in as-needed via a network clipboard app. Also an Android app, but I can’t speak for that either. No Linux version AFAIK, sorry — maybe it works under Wine.)

    But yes, no matter what, use a password manager. Give every site a long (20+, ideally 30+ or even 50+ iike I use), random, unique password. The only site that should have a memorable password is your password manager itself, and wherever you sync your passwords to.

    • Dare_Wreck says:

      > but there’s no way I’m trusting my Windows gaming box with my password repository

      Er, what? You trust a network clipboard application, which is probably inherently open to snooping on the network, over a dedicated password locker program? Out of curiosity, why are you so averse to putting one on your gaming PC?

  5. Freud says:

    A small price to pay for the awesomeness of being a member of the Rockstar Social Club, which is not just a forced membership in what is basically is a game launcher.

  6. Artist says:

    Not a big problem to get the login data from certain players.
    You would be astonished how many players use their game login data on any other (fan)-forums. And you only hope that its only kids that do that mistake.
    Theres an amazing number of community sites that only exist to farm the data from those fools.

  7. Dale Winton says:

    I don’t think you can really blame rockstar for this as it was email accounts that were hacked rather than the pointless social club thing

    • Premium User Badge

      Mungrul says:

      Really? That’s surprising seeing as my Social Club account is tied to my Gmail which has 2-factor authentication.

  8. alms says:

    Using randomly generated passwords in games is often an annoyance, as there is no way (that I know of) to have the password field filled automatically. Some games offer an option to remember the password, but that’s not always the case.

  9. racccoon says:

    I wrote a ticket to Rockstar about all the problems I had with game & the zlib crash plus a few other things, I placed in it that I was going to ask for a refund if these weren’t fixed.
    I go a reply the two days later (the other day)
    it was a simple email answer
    Please go to your retailer and get a refund! best regards whoever the fuck they were!! W T F!

    No explanation for a resolution to my issues, alongside no apology for my time lost and game interference which the zlib caused me to not being able to play the next mission, nothing of at all!
    Just a…. go to your retailer and get a refund.!?!?
    What sort of service is this!?!
    I could not believe they only saw one word of my 400 word +, never once stating a fix was becoming available or that they were working on one. …mind boggles
    Its quiet obvious that Rockstar has its head right up its arse with far too much money pouring their way.
    Their service in support is mind blowing.

    • Jediben says:

      Your £39.99 isn’t worth the cost of fixing it. It’s called capitalism.

    • Sam says:

      I was able to fix a “zlib” error by redownloading one of the lumps of data that make up the game world. This page has MD5 checksums for all the .RPFs ( link to reddit.com ) and one of mine didn’t match. I deleted it which caused the launcher to re-download that part, then it worked. However! Those are the checksums for the data on release, we’ve had a couple of patches since then so I’m afraid it might be out of date. You can just redownload the whole lot, but that’s a lot of downloading.

      Why their launcher didn’t do some checksum checking itself is a mystery. But it probably has a similar explanation to why they have a 12 character max password length and why an account can be transferred without even an automated email confirmation.

  10. Enceladus says:

    Funny you talk about password security because the security for Social Club is a joke. They don’t allow for long or overly complex passwords given that you can only use alphanumeric and the underscore as characters.

    Anyways, last time I waste my money on Rockstar since they certainly don’t care about the security of their customers accounts.