Rockstar Games Hit by Data Breach as ShinyHunters Threatens to Leak Corporate Files

Hacking group ShinyHunters claims to have breached Rockstar Games and is now demanding a ransom, with a deadline set for April 14, 2026.

The attackers say they accessed Rockstar's Snowflake data warehouse environment through a third-party analytics platform called Anodot.

Anodot is a SaaS cloud cost monitoring tool that companies use to track spending and catch infrastructure anomalies. Because it needs deep access to cloud systems to function, it held authentication tokens that connected directly to Rockstar's Snowflake instances. According to reports, ShinyHunters compromised Anodot's systems first and pulled those tokens, which then allowed them to walk into Rockstar's environment without triggering any obvious alarms.

The reason this worked so cleanly is that the access looked like a routine internal process. The attackers reportedly ran database exports for some time before anything was flagged. Snowflake confirmed to BleepingComputer earlier this week that the platform itself wasn’t breached, but the credentials involved were stolen.

ShinyHunters posted a message on the dark web making their demands clear. "Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak," the group wrote.

"This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline."

The data potentially at risk includes financial records from GTA Online and Red Dead Online, player spending habits, geographic data, marketing timelines, and contracts with Sony, Microsoft, voice actors, and music labels.

As per reports by The CybersecGuru, there is currently no evidence that individual player passwords or payment information was accessed. The breach appears to be focused on corporate level data rather than user accounts. Still, players with a Rockstar Social Club account would do well to enable two-factor authentication as a precaution.

ShinyHunters is not a new name in cybersecurity circles. The group has been active since 2020 and has a well-documented history of targeting APIs, identity systems, and third-party integrations rather than going after individuals. Their past victims include Microsoft, AT&T, Wattpad, SoundCloud, Ticketmaster, and the European Commission.

Earlier in 2026, the group also claimed to have gained access to Salesforce data from over 400 companies, publishing data from 26 of them. Cisco and Canadian telecom Telus have also been named as part of this broader wave of attacks linked to compromised integrations.

This is not the first time Rockstar has been on the receiving end of a breach either. Back in 2022, an 18-year-old hacker named Arion Kurtaj managed to access the company's internal Slack channel and leaked early GTA VI footage.

UPDATE: Rockstar Games has issued an official statement on the matter (via Kotaku):