First reported by Nintendo Life, there has been a flood of never-before-seen Pokémon art, design documents, and other development material on social media, all apparently originating from a catastrophic security breach of Pokémon developer Game Freak. Game Freak itself has put out a statement confirming it was hacked and that employees' names and contact information have been compromised.
Much of the material reportedly from the leak is being shared to X, "The Everything App" by CentroLeaks, an established source on Pokémon leaks and rumors, but the PokeLeaks subreddit is also awash with content supposedly obtained in the hack, which CentroLeaks has dubbed the "teraleak" in reference to the similar 2020 "gigaleak" suffered by Nintendo.
A moderator on r/PokeLeaks, vagrantwade, has said that their team is "having to sift through a bunch of fakes that people are now trying to sneak through," and it is currently difficult to determine the provenance of individual posts. With that caveat, some of what I've seen so far includes:
- WIP sprites from the Gen 3, 4, and 5 Pokémon games.
- Concept art for the original 1997 anime.
- Design bible background lore on the Pokémon setting.
- Minutes from a Pokémon Company meeting about concluding the 26-year journey of perpetual 10-year-old, Ash Ketchum.
- Topline pitches for a Detective Pikachu movie sequel, as well as a movie with the working title "Game Boy"
- "Ounce," a codename for the Switch 2
Game Freak uploaded a Japanese-language statement on October 10 confirming that it was hacked, but notably has not yet confirmed that Pokémon design materials were part of that hack. Looking at (presumably machine-generated) translations from Twitter users Adrien190303 and brayshgaming, Game Freak states that its servers were breached in August. Game Freak disclosed that the names and work email addresses of 2,606 current and former employees, as well as external contractors, were compromised in the hack. For perspective, according to Wikipedia, Game Freak has 207 active employees as of this year.
The Pokémon brand is co-owned by Nintendo and the Pokémon Company, but Game Freak—particularly its co-founders, Satoshi Tajiri and Ken Sugimori—created the property. Game Freak continues to be the developer of all main line Pokémon games while being involved in the production of spin-offs and adaptations.
We're still weathering the initial tidal wave of information and misinformation related to the leak, with its full contents and ramifications likely to come into focus over the next few weeks. I'm still curious about Game Freak's wording in its official statement: While I can't be certain about the legitimacy of individual posts purporting to be from the hack, the sheer volume indicates that much more than employee contact information has been compromised. It's possible that Game Freak doesn't wish to legitimize the material in circulation by acknowledging it, but I also wonder if there may have been two separate intrusions, with the information from the August hack used in a subsequent phishing attack for this weekend's "teraleak." That would help explain the two month gap between the reported intrusion and the current rush of confidential material.
Regardless, this GameFreak "teraleak" joins a host of high profile games industry security lapses new and old. Some of the big hitters from the past that spring to mind include:
- Valve's Half-Life 2 beta hack back in 2003
- The previously-mentioned 2020 Nintendo "gigaleak"
- Nvidia's 2021 GeForce Now exposure of unannounced games
- The 2021 hack of CD Projekt
- The 2022 Rockstar hack that first revealed Grand Theft Auto 6
- Last year's hack on Insomniac that included art and assets from its yet-to-be fully revealed Wolverine game.