Rockstar Games Suffers Data Breach Affecting 78.6 Million Users
Key Takeaways Rockstar Games experienced a data breach impacting 78.6 million user records. The attack exploited a third-party analytics platform, Anodot, to gain unauthorized access to...
Key Takeaways
- Rockstar Games experienced a data breach impacting 78.6 million user records.
- The attack exploited a third-party analytics platform, Anodot, to gain unauthorized access to Rockstar’s Snowflake data warehouse.
- The notorious ShinyHunters hacking group claimed responsibility, leaking data after Rockstar refused a ransom demand.
- No player passwords, payment details, PII, source code, or GTA 6 development assets were compromised.
Rockstar Games Suffers Major Data Breach via Third-Party Integration
Rockstar Games has officially acknowledged a significant data breach, confirming that the infamous hacking collective ShinyHunters successfully infiltrated its systems. The incident, which occurred on April 14, 2026, saw ShinyHunters leverage a vulnerability within a third-party integration to access the company’s internal Snowflake data warehouse, subsequently releasing over 78.6 million user records.
Table Of Content
The breach did not originate from a direct assault on Rockstar’s core infrastructure. Instead, ShinyHunters exploited Anodot, an AI-driven cloud cost monitoring and analytics SaaS platform utilized by Rockstar to manage its extensive digital assets.
Supply Chain Attack Leveraged Anodot Authentication Tokens
Reports indicate that attackers extracted authentication tokens from Anodot’s systems. These tokens enabled them to impersonate a legitimate internal service, thereby facilitating an undetected lateral movement into Rockstar’s connected Snowflake data warehouse. It is crucial to note that the compromise did not involve a vulnerability within Snowflake itself; rather, the tokens provided trusted, seemingly legitimate access that initially bypassed detection mechanisms.
Anodot had previously identified connectivity issues as early as April 4, observing that its data collectors for various platforms, including Snowflake, Amazon S3, and Amazon Kinesis, were offline across multiple regions. This timeline suggests the compromise was already in progress before Rockstar became aware of the intrusion. ShinyHunters is well-known for executing these types of supply-chain attacks, frequently targeting identity systems, API keys, and third-party integrations rather than relying on traditional software exploits.
Ransom Demand Refused, Data Leaked
On April 11, 2026, ShinyHunters issued a public warning on their dark web leak site, stating: “Rockstar Games! Your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that’ll come your way.” When Rockstar Games, in alignment with global law enforcement recommendations against paying ransoms, declined to negotiate, the group confirmed to the BBC that it would proceed with releasing the stolen data.
The leaked archive reportedly contains 78.6 million records, which are described as a multi-domain analytics dataset used for both Grand Theft Auto Online (GTAO) and Red Dead Online (RDO).
Leaked Data Reveals Game Revenue and User Metrics
Analysis of the leaked data indicates that GTA Online generates approximately $500 million annually, with weekly Shark Card sales contributing around $7.3 million and GTA+ subscription revenue adding $2.3 million. Platform-specific breakdowns show the PlayStation 5 as the primary revenue driver, accounting for $4.49 million in weekly bookings and 3.47 million weekly active users, followed by Xbox Series X with $1.87 million weekly.
Player activity metrics from the breach reveal that GTAO averages 9.9 million weekly active users, with peaks reaching 15.4 million, while RDO maintains an average of 969,848 weekly active users. Importantly, the leak did not include player passwords, payment details, personally identifiable information (PII), source code, or development assets for the upcoming Grand Theft Auto 6.
In a statement provided to various media outlets, including Kotaku and IGN, a Rockstar Games spokesperson affirmed: “We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”
This incident highlights a growing and critical threat vector: supply-chain attacks executed through trusted SaaS integrations. ShinyHunters has a history of breaching major organizations such as Ticketmaster, AT&T, Microsoft, and Cisco using similar methods. The Anodot-to-Snowflake pivot underscores that even organizations with robust internal security measures remain vulnerable through third-party connectors possessing privileged access credentials.
Updated: April 14, 2026 — ShinyHunters has now published the dataset following Rockstar’s refusal to pay the ransom demand.
What You Should Do
- Audit SaaS Integrations: Review all third-party SaaS integrations to ensure they adhere to the principle of least privilege.
- Rotate Authentication Tokens: Implement a regular schedule for rotating authentication tokens and API keys, especially for third-party services.
- Monitor for Anomalous Behavior: Actively monitor your data warehouses (e.g., Snowflake) for unusual query patterns or access behaviors that could indicate lateral movement via third-party tools.
- Implement Zero Trust Principles: Apply Zero Trust principles to all connections, even those from trusted third-party vendors, requiring continuous verification.
- Isolate Critical Data: Where possible, segment and isolate highly sensitive data to limit the impact of a breach on connected, less critical systems.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.