Click to Skip Ad
Closing in...

‘The Last of Us Part II’ leak: Here’s how it happened

Published May 4th, 2020 7:05PM EDT
The Last of Us Part II leak
Image: Naughty Dog

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

  • The Last of Us Part II is one of the last major first-party releases for the PlayStation 4 ahead of the launch of the PlayStation 5 this holiday season.
  • In April, a major leak on YouTube spoiled some of the most important story moments from The Last of Us Part II, and some suspected that a disgruntled employee might be the culprit.
  • Multiple reports now say that hackers took advantage of a security vulnerability to gain access to Naughty Dog’s servers and steal at least 1TB of content.
  • Visit BGR’s homepage for more stories.

The next generation of video game consoles is just months away, but there are still a few major blockbusters planned for this generation in the interim. Perhaps the most notable of all of them is The Last of Us Part II, the sequel to one of 2013’s most critically-acclaimed releases, but developer Naughty Dog was thrown for a loop last week when a flood of spoilers popped up online as part of a massive leak of mysterious origin.

Videos were uploaded to YouTube last week that appeared to show off gameplay and cutscenes from The Last of Us Part II, spoiling key moments from the story. The footage also featured debug information at the bottom of the screen, leading some to speculate that a disgruntled Naughty Dog employee might have been behind the leak. But on Friday, Sony confirmed to GamesIndustry.biz that the people behind the video leak were “not affiliated with Sony Interactive Entertainment or Naughty Dog,” and now evidence suggests that hackers were to blame.

Over the weekend, Twitter user PixelButts shared a purported explanation for how the hackers would have been able to get their hands on the footage they shared. Supposedly, when development of a game nears completion, Naughty Dog pushes a patch that contains an Amazon Web Services key. This key can be paired with a bucket ID to give full access to the server’s contents. Hackers discovered this vulnerability and began saving development material for a variety of games, including Uncharted 3: Drake’s Deception and The Last of Us.

In all, PixelButts says that at least 1TB of data was stolen, though he claims that he had no direct involvement in the hack and even went as far as to warn Naughty Dog about the AWS vulnerability back in February.

Bloomberg News reporter Jason Schreier chimed in on Sunday morning as well. People with direct knowledge of the leak, as well as current Naughty Dog employees, told him that “hackers found a security vulnerability in a patch for an older ND game and used it to get access to ND’s servers.”

It’s still unclear who exactly decided to go through with leaking the content online, or why they did so. PixelButts told Kotaku that the people who discovered the vulnerability are “more just ND enthusiasts that like development content from their games, rather than malicious actors.” Nevertheless, someone took it upon themselves to make the stolen content public, and will likely pay a heavy price once they are identified.

The Last of Us Part II was originally scheduled to release on the PlayStation 4 on February 21st, 2020, but has since been delayed on two separate occasions, and is now slated to launch on June 19th.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.