GTA 6 Leaker Claims Source Code Still Online, No New Leaks Yet
The individual responsible for a massive leak of early gameplay footage from the highly anticipated Grand Theft Auto 6 has resurfaced online, reportedly using a smuggled phone from within a UK hospital prison. Arion Kurtaj, a British teen affiliated with the Lapsus$ ransomware group, shared photos of himself and discussed the potential availability of the game’s source code, raising renewed concerns about further breaches and potential disruption to Rockstar Games’ launch plans. The incident highlights the ongoing challenges of securing sensitive data, even within the confines of a high-security correctional facility.
The original leak, which occurred in September 2022, included a substantial amount of gameplay testing footage, showcasing weapons, vehicles, non-player characters (NPCs), and map locations. As Dexerto reported at the time, the scale of the breach was unprecedented, offering an early, albeit unauthorized, glimpse into the development of the next installment in the blockbuster Grand Theft Auto series.
Source Code Claims and Ongoing Risk
Kurtaj’s recent activity, documented through Snapchat photos surfacing on March 8th, shows him at his cell door and seated on his bed, accompanied by captions referencing his imprisonment and a “bullshit hacking charge.” More significantly, messages exchanged between Kurtaj and another individual, identified as Omar, suggest that the GTA 6 source code may still be accessible online. Kurtaj stated the code is “Definitely somewhere,” adding, “Engaging, no further comment on that matter.”
This claim, while unverified, is particularly concerning. Access to the source code would provide leakers with a far deeper understanding of the game’s inner workings, potentially enabling the release of even more extensive and damaging leaks. It could also allow for the creation of unauthorized modifications or even the introduction of malicious code.
The possibility of further leaks isn’t merely speculative. In late 2023, Kurtaj was sentenced to indefinite confinement in a hospital prison, a decision based on the court’s assessment that he “remained a high risk to the public.” Dexerto detailed the sentencing, which followed threats made by Kurtaj to hack Rockstar Games again upon potential release. The fact that he has managed to communicate and share information from within a secure facility underscores the difficulty of completely isolating individuals with advanced technical skills.
The Lapsus$ Group and Previous Breaches
Kurtaj’s involvement in the GTA 6 leak is rooted in his association with the Lapsus$ hacking group. This group gained notoriety for targeting a range of high-profile organizations, including Microsoft, Nvidia, and Okta. Lapsus$ typically employed social engineering tactics and credential stuffing to gain access to systems, rather than relying on sophisticated exploits. Their methods often involved impersonating employees or administrators to obtain login credentials.
The group’s activities weren’t solely focused on data theft. They also engaged in extortion, threatening to release stolen data unless a ransom was paid. However, their operations were ultimately disrupted by law enforcement agencies in multiple countries, leading to the arrest of several members, including Kurtaj.
Prior to the GTA 6 leak, the source code for Grand Theft Auto 5 was reportedly compromised in 2023, with files related to GTA 6 and a potential Bully 2 also discovered. Dexerto covered the earlier leak, noting that the link to the compromised code was quickly taken down, but copies had already proliferated across the internet. This incident demonstrated the vulnerability of even established game franchises to source code leaks.
Implications for Rockstar Games and the Gaming Industry
The continued threat of leaks poses significant challenges for Rockstar Games. Beyond the potential for spoilers and the disruption of marketing plans, a source code breach could compromise the integrity of the game itself. Malicious actors could potentially introduce vulnerabilities or modify the game in unauthorized ways.
The situation also raises broader questions about the security practices within the gaming industry. Game development studios often handle vast amounts of sensitive data, including source code, design documents, and player information. Protecting this data requires robust security measures, including strong access controls, regular security audits, and employee training. The fact that Kurtaj, even while incarcerated, has been able to communicate and potentially access information raises concerns about the effectiveness of current security protocols.
Adding to the complexity, a recent post on X (formerly Twitter) from user @omxr76 suggests that the delays surrounding the release of GTA 6 may be linked to the ongoing presence of the stolen source code. The user claims that the code has been “gatekept” for 3.5 years, leading Rockstar to postpone the game’s launch out of concern for potential issues. While this claim remains unverified, it highlights the potential impact of the leak on the game’s development timeline.
Probably yes that they’ve played with the source code, it’s been 3.5 years since they have it gatekeeped. That’s why rockstar has been delaying a lot. And they’re worried
— mxr (@omxr76) March 9, 2026
What Comes Next: Containment and Investigation
Rockstar Games has not yet issued a public statement regarding Kurtaj’s recent activity. However, We see likely that the company is conducting a thorough investigation to assess the extent of any potential compromise. This investigation will likely involve examining the source code for any signs of tampering or unauthorized access, as well as reviewing security logs and access controls.
Law enforcement agencies are also likely to be involved, investigating how Kurtaj was able to access a phone within the prison and communicate with individuals outside. This incident will likely prompt a review of security protocols at the facility to prevent similar breaches in the future. The BBC reported that Kurtaj was given an indefinite hospital order, meaning his case will continue to be monitored and assessed.
For the gaming community, the situation serves as a reminder of the risks associated with data breaches and the importance of protecting sensitive information. While the full extent of the impact remains to be seen, the incident underscores the need for continued vigilance and robust security measures within the industry.
