Rockstar Games hit with ransom demand after third-party data breach

Skye Jacobs

Posts: 2,029   +59
Staff
Winners & losers: Rockstar Games is once again dealing with a data breach after a hacker group known for targeting major tech firms claimed to have infiltrated the developer through one of its third-party cloud analytics tools.

The group responsible, ShinyHunters, says it didn't breach Rockstar or its data-warehouse provider, Snowflake. Instead, it exploited access from Anodot, a SaaS analytics tool Rockstar uses to track cloud costs and performance. The attackers allegedly stole authentication tokens from Anodot's systems and used them to gain unauthorized access to Rockstar's Snowflake environment.

The technique fits into a broader wave of attacks that hit the integration tools big companies use to track cloud costs and operations. In this case, the technology link between Rockstar and Anodot proved to be the weak point. Because the stolen tokens would have appeared valid, any access using them could have blended in with normal Anodot monitoring traffic.

A Rockstar Games spokesperson confirmed the incident but downplayed its severity. "We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach," the company said. "This incident has no impact on our organization or our players."

The group behind the breach has issued an April 14 ransom deadline, warning Rockstar to "pay or leak." In a statement shared by The Cybersec Guru, ShinyHunters wrote, "This is a final warning to reach out by April 14 before we leak, along with several annoying digital problems that will come your way. Make the right decision, don't be the next headline."

Image credit: The Cybersec Guru

ShinyHunters, active since 2020, is one of several organized groups that target APIs, identity systems, and corporate integrations rather than individual user accounts. Past victims include Microsoft, Cisco, AT&T, Ticketmaster, and Wattpad – the latter incident exposing more than 270 million user records. The group also claimed responsibility for a 2020 Microsoft source code theft and has been linked to a wave of breaches through Snowflake- and Salesforce-based credentials in 2025.

For Rockstar, the timing is particularly sensitive. The studio's long-awaited Grand Theft Auto 6 – now set for release on November 19, 2026, after multiple delays – is one of the most closely guarded projects in gaming. A similar breach in 2022 resulted in 90 early gameplay clips leaking online, leading to the arrest of an 18-year-old hacker in the UK.

The problem lies in how third-party software integrates with cloud data warehouses. Tools like Anodot often require high-level permissions to detect cost or usage anomalies. If those access tokens are stolen, they can be used to impersonate the trusted software and pull data directly.

There is no current indication that individual player accounts or payment data were exposed. The compromise appears to involve corporate records, including internal reports, contracts, and marketing timelines. However, if ShinyHunters follows through on its leak threat and any personal data is involved, Rockstar could face both reputational damage and scrutiny from regulators under laws like GDPR and CCPA.

Permalink to story:

 
If I was them I'd tell the hackers "go ahead and leak it". We aren't paying you a dime. And then I'd get really nasty.
 
As RockStar and TakeTwo fired some unionized personnel accusing them of "leaking information" and other false pretenses while the company gets greedier and greedier year by year, I say this is just karma coming back to them like a boomerang.

I say to the hackers!...Good job and Do what you must!
 
As RockStar and TakeTwo ...gets greedier and greedier year by year...
How specifically do you define 'greed'? Have you ever worked for free to benefit a struggling startup business, or anywhere for less than the maximum salary you could command?

...I say this is just karma coming back to them like a boomerang. I say to the hackers!...Good job and Do what you must!
Attitudes like this promoting lawlessness and disdain for property rights are what led to the creation of Stalin's USSR, the 100 million dead in Mao's China, the killing fields of Cambodia and other authoritarian socialist regimes. Even Hitler's National Socialists merely channeled the German people's resentment of the "evil rich Jew", who at that time exerted an outsized control of the country's commerce and industry.
 
How specifically do you define 'greed'? Have you ever worked for free to benefit a struggling startup business, or anywhere for less than the maximum salary you could command?


Attitudes like this promoting lawlessness and disdain for property rights are what led to the creation of Stalin's USSR, the 100 million dead in Mao's China, the killing fields of Cambodia and other authoritarian socialist regimes. Even Hitler's National Socialists merely channeled the German people's resentment of the "evil rich Jew", who at that time exerted an outsized control of the country's commerce and industry.
It also got asteroids to kill all the dinosaurs
 
Funny how they want to imbed digital ID into the game yet can't keep anyone from hacking their own servers.
 
This is the third-party vendor breach playbook at this point. You spend millions hardening your own perimeter, implement zero-trust, hire a CISO who uses "threat surface" unironically in casual conversation — and then some analytics tool you onboarded in 2021 to track AWS costs has god-mode tokens sitting in a config file. The attacker didn't hack Rockstar. They hacked the company Rockstar forgot they were trusting.
 
Back