GTA V role-play servers neglected security, exposing millions of players’ records

Published: 1 April 2026
Last updated: 1 April 2026
gta v role play servers neglectedp security

A misconfigured server spilled nearly a million records from Spanish-speaking Grand Theft Auto V role-play communities, potentially revealing gamers' identities.

Grand Theft Auto just became Grand Data Theft after a massive leak exposed player records. Cybernews researchers discovered an unsecured Elasticsearch database containing nearly 820,000 records linked to multiple FiveM role-play servers, including NaranjaRP, CalipsoRP, and LaStreetRP.

FiveM RP servers are community-run multiplayer servers for the PC version of Grand Theft Auto V built using the FiveM modification framework. They create immersive worlds where players can, instead of playing original GTA protagonists, create their own unique characters and control the narrative.

ADVERTISEMENT

The Cybernews research team believes that the exposed details could enable attackers to pin down real-world players, making the “anonymous” online life far less private than gamers think.

Spanish GTA V roleplay
Screenshot by Cybernews

The team uncovered that Spanish-speaking communities, likely located across Spain and Latin America, are among the most affected. However, IP metadata suggests potentially broader geographic exposure.

The latest entries were from January 2026, suggesting it was a live server actively tracking players in real time. The leaky server remained publicly accessible for roughly two weeks before being taken offline.

According to our researchers, some indications suggest that it was a threat actor aggregating players’ data before accidentally exposing it online.

What data did Grand Theft Auto V communities leak?

The leaked data appears to be a centralized compilation of logs pulled from multiple FiveM role-play servers operated by separate teams. The database was divided into plain-text structured logs:

  • 594,556 records labeled “NaranjaRP-Parte1.txt”
  • 196,137 records labeled “NaranjaRP-Parte2.txt”
  • 27,063 records labeled “CalipsoRP-Bans.txt”
  • 4 records labeled “LaStreetRP.txt”
ADVERTISEMENT

According to the team, the way the logs are structured suggests either a shared admin server or a third-party collector aggregating multiple communities.

Although definitive conclusions cannot be drawn, researchers say there are indications that a threat actor may have been the one aggregating data.

“Multiple indicators, such as index names and chosen hosting provider, suggest that the data could have been collected by a threat actor,” our research team said.

The type of player data leaked includes:

  • Player session logs: tracking in-game moves
  • Ban records: detailing moderation actions
  • Identification metadata: including Steam hex IDs, Discord user IDs, and in-game player names
  • Cross-platform linkages: connecting users across different platforms
  • IP addresses and timestamps: revealing approximate physical locations

What effect does the data leak have on Grand Theft Auto players?

Our researchers are sure that no financial data or real names were leaked. However, community members’ identities are still at risk, especially if data is cross-referenced across the internet.

Persistent Steam and Discord IDs stitched together with IP logs can point straight back to a real person behind the screen.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Ban lists also add fuel to the fire. Moderation and ban records may include behavior-related details that could harm a player’s reputation if exposed.

ADVERTISEMENT

These records persistently stay tied to a digital identity that can follow a player across different servers and communities.

Independent gamer communities lack cybersecurity protocols

Independent servers dominate the FiveM ecosystem, where individual communities host their servers using third-party infrastructure.

However, many of these servers are run by passionate gamers, not cybersecurity pros. Independent hosting, messy configurations, and exposed databases can quietly turn a fun role-play gaming into a privacy trap.

This incident demonstrates the importance of proper configuration and access control, especially for centralized logging servers aggregating multiple communities.

Check if your data has been leaked

Find out if your email, phone number or related personal information might have fallen into the wrong hands.
18,611,353,922
Breached accounts
36,030
Breached websites

In 2023, GTA creators announced that the team behind FiveM and RedM, Cfx.re, has officially joined Rockstar Games. With such a move, Rockstar is likely giving more official support to community creators.

Do improved services also mean improved cybersecurity? Cybernews has reached out to Rockstar for comment, but a response has not yet been received.

Disclosure Timeline

Leak discovered: January 25th, 2026
Leak closed: February 18th, 2026

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
Español English Português (BR) Français Niederländisch Deutsch Italian (IT)
More from Cybernews
By participating in this viral trend, you help train AI where it struggles the most
Windows hibernation may contribute to SSD wear as storage costs rise
UFO skeptic Michael Shermer apologizes to David Grusch
Man tries to make a sale on Facebook Marketplace, gets scammed out of $300 via Zelle
Critical FFmpeg flaw discovered: just watching a video can fully compromise your system
The world's top intelligence alliance: AI could supercharge cyberattacks within months
ADVERTISEMENT