Three major releases pirated before launch in a single year. One of them because the developer simply forgot to encrypt the files. If there was ever a moment to ask whether the games industry has its house in order, it’s now.
May 2026 has been a brutal month for game security. On May 10, Playground Games uploaded an unencrypted repository of Forza Horizon 6 files to Steam (155 gigabytes of content) ten days before the game’s official release. Within hours, links to the files were spreading across sharing sites, swiftly deleted from Reddit but widely available elsewhere on the web. Forza Horizon 6 only had basic Steam DRM, which crackers broke within hours, leaving the game fully playable in offline mode. But this wasn’t a sophisticated cyberattack or a rogue employee with a grudge. Playground Games itself appears to have uploaded the preload without encryption. One of Microsoft’s flagship studios, handling one of Xbox’s most important releases of the year, apparently skipped one of the most basic steps in launch preparation.
Playground Games moved quickly to contain the damage. The studio confirmed it was “taking strict enforcement action against any individuals found accessing this build” including franchise-wide bans that became the subject of some grim online humour when the ban length turned out to be nearly 8,000 years. It’s a memorable response, but it does little to address the underlying failure. Banning pirates after the fact is not so much a security strategy as a press release.
Then, just days later, it happened again. Subnautica 2 leaked online 48 hours before its May 14 Early Access launch, making it the third major 2026 release to be compromised before hitting shelves, following both Forza Horizon 6 and Capcom’s PRAGMATA earlier in the year. Whether the Subnautica 2 leak originated from a reviewer or followed an insider pattern similar to Forza’s had not been confirmed at time of writing, but the effect was the same either way: paying customers watched the game they’d been waiting for appear for free online before they could even download it legitimately.
That’s the part of this story that tends to get lost in the piracy debate. Premium Edition buyers had paid $120 for early access starting May 15 only for pirates to get the full game days earlier, for free. For Subnautica 2, an Early Access title that depends on a committed paying community to fund its ongoing development, the damage is especially pointed. Early Access is a trust model. Players hand over money for an unfinished product on the understanding that their support makes the final game possible. When the game is freely available before those supporters can even log in, it makes a mockery of the arrangement.
Redditors were quick to point out the lack of encryption on review copies as a glaring vulnerability, with many questioning why full game files are being sent to third parties without basic protection. That’s a fair question, and unfortunately it doesn’t have a satisfying answer. The technology to encrypt review builds exists. The incentive to use it has never been more obvious. And yet here we are.
For XBOX, the timing could hardly be worse. The company is navigating declining hardware and game sales, rising prices, and a Game Pass subscription that nearly doubled in cost last year. Forza Horizon 6 was supposed to be a statement of intent — a tentpole release that reminded players why the XBOX ecosystem matters. Instead, its launch week became a story about how Playground Games forgot to lock the door.
With Summer Game Fest around the corner and a packed second half of 2026 ahead, publishers need to treat pre-launch security as the serious operational issue it clearly is, not an afterthought tidied up with ban waves and statements after the fact. Three leaks in five months isn’t bad luck. It’s a pattern. And the industry needs to start treating it like one.
