GTA Online has its own Dark Souls-style critical security vulnerability on PC

ski mask guys stealing money with a money print background — (Image credit: Rockstar Games)

Update: Rockstar has acknowledged "potential new exploits in GTA Online for PC" in a tweet from its support account, and says it will address them in a security-focused update.

We are aware of potential new exploits in GTA Online for PC, which we aim to resolve in an upcoming planned security-related Title Update. If you think you might have experienced any related issues, please reach out to Rockstar Support: https://t.co/Yqqj0SEDwaJanuary 23, 2023

Original story: The Rockstar Games-focused account Tez2 recently shared evidence of security vulnerabilities in Grand Theft Auto Online. A number of players have reported account progress being reversed, as well as being kicked or blocked from joining games on PC. There is a pinned post on the GTA Online subreddit dedicated to the issue and bringing it to Rockstar's attention, and the developer Speyedr, who created the custom GTA 5 firewall tool Guardian, warns that modders using the exploit are on the verge of achieving remote code execution through GTA Online, meaning that hackers could remotely activate malware on PCs running the game.

Tez2 has reported that Rockstar is aware of the issue and working on it, and we have reached out to Rockstar for comment.

The initial exploit as described by Tez2 allows a modder to take away another user's rank and in-game money, completely reset their account's progress, or even "corrupt" it in such a way that they are effectively banned from online play in a manner similar to the old Dark Souls item hacks.

One user on Twitter, @Bulkiboy, demonstrated being immediately kicked from their own GTA Online session after unlocking their Guardian firewall. Another, @Fluuffball, showed off gameplay from a purportedly "corrupted" account. Whenever connecting to GTA Online, the camera would zoom up into the air and just stay there, never connecting to the game.

As a fix for corrupted accounts, Tez2 stated that deleting the Rockstar Games folder from My Documents, then launching GTA Online should refresh profile data. Of course, until there is an official response from Rockstar, it's probably best to avoid GTA Online altogether.

Tez2 describes the exploit as "partial remote code execution," with the potential for further security-compromising advancements from hackers. Guardian creator Speyedr, meanwhile, seems to believe that the development of full remote code execution through GTA Online is imminent.

Speyedr's tool, Guardian, could potentially guard against the exploit, but the developer does not want users, especially those who may not know how to deploy it properly, taking the risk. Speydr has temporarily removed Guardian's files from GitHub, and encourages players to stay away from GTA Online until the issue is resolved.

The entire situation is highly reminiscent of the remote code execution vulnerability that led Bandai Namco to take down the Dark Souls series' multiplayer servers for over half a year. Similar to Speyedr and Guardian, Dark Souls has the Blue Sentinels security tool, and networking-savvy players discovering and reporting on the vulnerability is what spurred Bandai Namco to action. We will have further updates on the GTA Online story as it develops.

Ted has been thinking about PC games and bothering anyone who would listen with his thoughts on them ever since he booted up his sister's copy of Neverwinter Nights on the family computer. He is obsessed with all things CRPG and CRPG-adjacent, but has also covered esports, modding, and rare game collecting. When he's not playing or writing about games, you can find Ted lifting weights on his back porch. You can follow Ted on Bluesky.