ShinyHunters Threatens Rockstar Games With Data Leak
The notorious cybercrime group ShinyHunters has claimed it successfully breached systems associated with video game developer Rockstar Games, warning that stolen data will be publicly released unless the company pays a ransom. According to the group's dark web site, the deadline for Rockstar to respond is April 14.
Rockstar Games acknowledged that some of its data had been accessed, though the company minimized the severity of the situation. "We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players," a company spokesperson told gaming outlet Kotaku. The company did not respond to a separate request for comment from Recorded Future News.
The Role of Anodot and Snowflake
ShinyHunters alleges the intrusion was made possible not by directly attacking Rockstar or cloud storage provider Snowflake, but rather through a third party: Anodot, an AI-driven cloud cost-monitoring and analytics platform that businesses use to track infrastructure spending and detect anomalies.
According to earlier security reports, the attackers allegedly obtained authentication tokens from Anodot that granted them access to customer Snowflake accounts. This type of attack — leveraging a trusted third-party integration to gain access to downstream systems — is a hallmark of supply-chain compromises and can bypass conventional security controls entirely.
ShinyHunters did not specify what categories of data were taken from Rockstar, and it remains unclear whether the two parties have entered into any ransom negotiations.
A Broader Supply-Chain Attack
The Rockstar incident appears to be one piece of a wider operation. The group recently claimed it had uncovered authentication tokens belonging to Anodot's service, allegedly giving it the ability to access cloud environments operated by more than a dozen organizations. The full scope of the supply-chain compromise and which other companies may have been affected has not yet been fully disclosed.
This pattern — compromising a shared analytics or monitoring tool to pivot into multiple enterprise cloud environments — highlights a growing vulnerability in the way organizations delegate access to third-party SaaS platforms.
Who Is ShinyHunters?
ShinyHunters is a financially motivated cybercrime group that has been active since at least 2020. Over the years, it has claimed responsibility for breaches across numerous industries and high-profile organizations. Most recently, in January, the group said it had hacked Match Group, the parent company behind popular dating applications including Tinder, Hinge, and OkCupid.
The group primarily seeks financial gain, using the threat of public data exposure as leverage to extort ransom payments from victims.
Rockstar Games Has Been Here Before
This is not the first time Rockstar Games has found itself in the crosshairs of threat actors. In 2022, a hacker infiltrated the company's internal systems and leaked footage and development materials from an upcoming installment of the Grand Theft Auto franchise — one of the most high-profile gaming leaks in recent memory.
The developer behind the blockbuster GTA series has now experienced multiple significant security incidents, raising questions about the resilience of its third-party vendor management and access controls.
Gaming Industry Remains a Prime Target
Video game studios have become increasingly attractive targets for cybercriminals, who are drawn by the prospect of stealing valuable intellectual property, unreleased game assets, and sensitive corporate data. Rockstar is far from alone in facing these threats. Other major studios that have experienced cybersecurity incidents in recent years include:
- Activision Blizzard
- Bandai Namco
- Capcom
- CD Projekt Red
- Riot Games
The recurring pattern of attacks against gaming companies underscores the need for robust security practices — including strict vetting of third-party service providers and the use of least-privilege access models to limit the potential blast radius of any single compromise.
What Happens Next
With the April 14 deadline set by ShinyHunters approaching, it remains to be seen whether Rockstar Games will engage with the attackers' demands or allow the clock to run out. The company's public posture so far has been to downplay the significance of the breach, describing the accessed information as non-material. However, given the group's history of following through on leak threats, the coming days could bring further developments.
Source: The Record