Pokémon developer Game Freak is the latest to be breached. Tons of unpublished content has leaked online.
Over the weekend, Pokémon source code, art, and other documentation quickly spread across social media and other internet forums. Where did it come from? Game Freak confirmed last week it had been hacked, with more than 2,600 pieces of employee data taken. It didn’t confirm the massive heist of its game data, though, but the game data likely originates from that same breach. A hacker alleged they’d acquired 1 TB of data, including source code for Pokémon Legends: Z-A and the next-generation Pokémon games, on top of builds of older games, concept art, and lore documents. Troves of information have already been released — and more will be uploaded to the internet, according to the hacker.
Simply put, this is likely one of the biggest leaks in Pokémon history. It rivals notorious ransomware group Rhysida’s 1.67 TB leak of hacked Insomniac Games data, which was released in December last year, and a Rockstar Games hack from 2022 in which unfinished Grand Theft Auto 6 footage was published early. These hacks are always huge news because the video game industry is famously secretive, building hype through carefully planned teasers, trailers, and announcements. That hype is valuable to developers and publishers, but also to leakers looking for clout online, hackers looking for ransom, and players eager to consume anything about their favorite franchise. But how does this keep happening?
Phishing attempts happen a lot, and they’re not unique to Game Freak or any other video game company, Akamai cybersecurity researcher Stiv Kupchik told Polygon. But the audience for leaked information is huge, which means widespread attention. Video game fans clamor for this type of content.
“There’s intense interest by the fans of the product about what’s coming, what people are thinking, and so on and so forth,” said Justin Cappos, a New York University professor in the Tandon School of Engineering. “At least I know when I was a young boy and playing around with computer games and things like that, one of my favorite things to do was to break into my local copy of the game and reverse it and change it and make it do different things. So nowadays, there’s obviously a lot of people that are quite interested in this, and video games are especially an easy target, which also makes them attractive for people like cyber criminals.”
Cappos said video game companies often prioritize other things beyond security: They focus on systems that allow quick development, often using “large teams that tend to be overworked.
