Last week, the entire contents of PlayStation‘s latest State of Play event, where it shares updates about games and consoles, were leaked online.
Leaks are common in the gaming sphere. But what’s notable about this leak is that it happened just hours after PlayStation scheduled the State of Play presentation on YouTube–a process that involves pre-uploading the whole event and letting the video sit in the back end of the channel, waiting to go live.
While videos are scheduled for premiere, they’re invisible to the general public, and the often confidential information within is meant to be safe. But while YouTube’s 2+ billion users can’t access the video, its thousands of employees and contractors can.
Subscribe for daily Tubefilter Top Stories
And Insider Gaming reporter Tom Henderson thinks they did. Within 18 hours of State of Play being pre-uploaded to YouTube, he was contacted by four different people to offer him the complete list of games that would be addressed during the event.
“Some game names were slightly different from others, likely because of different regions and the rush to jot everything down to be the first, but they were all generally spot on,” Henderson wrote. “One such individual even told me that the information was sold to an undisclosed person for a small three-figure amount, who then told him to spread it to more people for validity.”
Henderson didn’t publish the names of the people who offered him the list. He did, however, write up his experiences with “YouTube’s new gaming leak culture,” and share data from a 404 Media report that chronicles six years of privacy and security issues at Google.
The report, compiled using information from an internal Google database, covers the years 2013-2018, and shows at least one incident where a YouTube employee was responsible for a gaming leak. That was in 2017, when a photo of the trailer for Nintendo game Yoshi’s Crafted World was posted to Reddit.
How did people know the photo came from an insider? Easy: the screenshot they posted had a “admin.youtube.com” in the URL, proving they worked for YouTube.
404 Media’s report showed that Google’s internal database had comments about the incident: “Google employee deliberately leaked private Nintendo information,” it said. “Former [temporary vendor contractor] download video with admin account, and shared unreleased Nintendo feature with friend.” It classed the leak as “non-intentional.”
Henderson also highlighted other recent leak issues stemming from YouTube: one non-gaming, in 2022, where KSI‘s Amazon giveaway codes were redeemed before the video went public; and this past December, when the Grand Theft Auto VI trailer was leaked. Both videos, like State of Play, were pre-uploaded to YouTube.
Both incidents also resulted in investigations at YouTube, Henderson reports. People familiar with the matter told him multiple people were fired over the KSI/Amazon issue, including some who weren’t directly involved in it. That might mean YouTube’s investigation into that incident turned up other leakers.
“Your videos are not just watched for monetization approval,” one person told Henderson. “They are watched by employees all the time.”
Those incidents weren’t included on 404 Media’s report (again, it only had data up to 2018), so we don’t know what Google’s internal comments on those might be.
As for its external comments, a spokesperson told The Verge that every security flag on 404 Media’s report “was reviewed and resolved at that time.”
They didn’t say how YouTube plans to prevent leaks moving forward.
