Update: Rockstar has acknowledged "potential new exploits in GTA Online for PC" in a tweet (opens in new tab) from its support account, and says it will address them in a security-focused update.
We are aware of potential new exploits in GTA Online for PC, which we aim to resolve in an upcoming planned security-related Title Update. If you think you might have experienced any related issues, please reach out to Rockstar Support: https://t.co/Yqqj0SEDwaJanuary 23, 2023
Original story: The Rockstar Games-focused account Tez2 (opens in new tab) recently shared evidence of security vulnerabilities in Grand Theft Auto Online. A number of players have reported account progress being reversed, as well as being kicked or blocked from joining games on PC. There is a pinned post on the GTA Online subreddit (opens in new tab) dedicated to the issue and bringing it to Rockstar's attention, and the developer Speyedr (opens in new tab), who created the custom GTA 5 firewall tool Guardian (opens in new tab), warns that modders using the exploit are on the verge of achieving remote code execution through GTA Online, meaning that hackers could remotely activate malware on PCs running the game.
Tez2 has reported (opens in new tab) that Rockstar is aware of the issue and working on it, and we have reached out to Rockstar for comment.
The initial exploit as described by Tez2 allows a modder to take away another user's rank and in-game money, completely reset their account's progress, or even "corrupt" it in such a way that they are effectively banned from online play in a manner similar to the old Dark Souls item hacks.
One user on Twitter, @Bulkiboy (opens in new tab), demonstrated being immediately kicked from their own GTA Online session after unlocking their Guardian firewall. Another, @Fluuffball (opens in new tab), showed off gameplay from a purportedly "corrupted" account. Whenever connecting to GTA Online, the camera would zoom up into the air and just stay there, never connecting to the game.
As a fix for corrupted accounts, Tez2 stated (opens in new tab) that deleting the Rockstar Games folder from My Documents, then launching GTA Online should refresh profile data. Of course, until there is an official response from Rockstar, it's probably best to avoid GTA Online altogether.
Tez2 describes the exploit as "partial remote code execution," with the potential for further security-compromising advancements from hackers. Guardian creator Speyedr, meanwhile, seems to believe that the development of full remote code execution through GTA Online is imminent.
Speyedr's tool, Guardian, could potentially guard against the exploit, but the developer does not want users, especially those who may not know how to deploy it properly, taking the risk. Speydr has temporarily removed Guardian's files from GitHub (opens in new tab), and encourages players to stay away from GTA Online until the issue is resolved.
The entire situation is highly reminiscent of the remote code execution vulnerability that led Bandai Namco to take down the Dark Souls series' multiplayer servers (opens in new tab) for over half a year. Similar to Speyedr and Guardian, Dark Souls has the Blue Sentinels security tool, and networking-savvy players discovering and reporting on the vulnerability is what spurred Bandai Namco to action. We will have further updates on the GTA Online story as it develops.