Winners & losers: Rockstar Games is once again dealing with a data breach after a hacker group known for targeting major tech firms claimed to have infiltrated the developer through one of its third-party cloud analytics tools.
The group responsible, ShinyHunters, says it didn't breach Rockstar or its data-warehouse provider, Snowflake. Instead, it exploited access from Anodot, a SaaS analytics tool Rockstar uses to track cloud costs and performance. The attackers allegedly stole authentication tokens from Anodot's systems and used them to gain unauthorized access to Rockstar's Snowflake environment.
The technique fits into a broader wave of attacks that hit the integration tools big companies use to track cloud costs and operations. In this case, the technology link between Rockstar and Anodot proved to be the weak point. Because the stolen tokens would have appeared valid, any access using them could have blended in with normal Anodot monitoring traffic.
A Rockstar Games spokesperson confirmed the incident but downplayed its severity. "We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach," the company said. "This incident has no impact on our organization or our players."
The group behind the breach has issued an April 14 ransom deadline, warning Rockstar to "pay or leak." In a statement shared by The Cybersec Guru, ShinyHunters wrote, "This is a final warning to reach out by April 14 before we leak, along with several annoying digital problems that will come your way. Make the right decision, don't be the next headline."
Image credit: The Cybersec Guru
ShinyHunters, active since 2020, is one of several organized groups that target APIs, identity systems, and corporate integrations rather than individual user accounts. Past victims include Microsoft, Cisco, AT&T, Ticketmaster, and Wattpad – the latter incident exposing more than 270 million user records. The group also claimed responsibility for a 2020 Microsoft source code theft and has been linked to a wave of breaches through Snowflake- and Salesforce-based credentials in 2025.
For Rockstar, the timing is particularly sensitive. The studio's long-awaited Grand Theft Auto 6 – now set for release on November 19, 2026, after multiple delays – is one of the most closely guarded projects in gaming. A similar breach in 2022 resulted in 90 early gameplay clips leaking online, leading to the arrest of an 18-year-old hacker in the UK.
The problem lies in how third-party software integrates with cloud data warehouses. Tools like Anodot often require high-level permissions to detect cost or usage anomalies. If those access tokens are stolen, they can be used to impersonate the trusted software and pull data directly.
There is no current indication that individual player accounts or payment data were exposed. The compromise appears to involve corporate records, including internal reports, contracts, and marketing timelines. However, if ShinyHunters follows through on its leak threat and any personal data is involved, Rockstar could face both reputational damage and scrutiny from regulators under laws like GDPR and CCPA.