Rockstar GTA Hacked: Attackers Leak 7 Rockstar’s Game

Rockstar Games has confirmed a data breach following an attack by the notorious hacking group ShinyHunters. The group exploited a third-party integration, gaining access to the company’s internal Snowflake data warehouse and subsequently leaking over 78.6 million records on April 14, 2026.

The breach did not stem from a direct attack on Rockstar’s infrastructure. Instead, ShinyHunters leveraged Anodot, an AI-powered cloud cost monitoring and analytics SaaS platform that Rockstar uses to manage its digital infrastructure.

Attackers reportedly extracted authentication tokens from Anodot’s systems, allowing them to impersonate a legitimate internal service and silently traverse into Rockstar’s connected Snowflake data warehouse.

Notably, no vulnerability in Snowflake itself was exploited; the tokens provided trusted, seemingly legitimate access that initially evaded detection.

Rockstar’s GTA Game Hacked

Anodot had itself flagged connectivity issues as early as April 4, noting that its data collectors were offline across regions, including Snowflake, Amazon S3, and Amazon Kinesis.

The timeline suggests the compromise was already underway before Rockstar was made aware. ShinyHunters is known for precisely this type of supply-chain pivot targeting identity systems, API keys, and third-party integrations rather than relying on traditional exploits.

On April 11, 2026, ShinyHunters posted a warning on their dark web leak site: “Rockstar Games! Your Snowflake instances were compromised thanks to Anodot.com. Pay or leak.

This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that’ll come your way.”. When Rockstar declined to negotiate consistent with global law enforcement guidance against paying ransoms, the group confirmed to the BBC that it would release the stolen data.

The leaked archive contains 78.6 million records described as a multi-domain analytics dataset used for GTA Online (GTAO) and Red Dead Online (RDO).

According to data from the leak, GTA Online generated approximately $500 million annually, driven by roughly $7.3 million in weekly Shark Card sales and $2.3 million in GTA+ subscription revenue. Platform-level breakdowns reveal PS5 as the top revenue driver with $4.49 million in weekly bookings and 3.47 million weekly active users, followed by Xbox Series X at $1.87 million weekly.

Player activity metrics show GTAO averaging 9.9 million weekly active users and peaking at 15.4 million, while RDO averaged 969,848 weekly active users. Crucially, no player passwords, payment details, personal identifiable information, source code, or GTA 6 development assets were part of the leak.

In a statement issued to multiple outlets, including Kotaku and IGN, a Rockstar Games spokesperson confirmed: “We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”

This incident reinforces a persistent and escalating threat pattern: supply-chain attacks via trusted SaaS integrations. ShinyHunters has previously breached Ticketmaster, AT&T, Microsoft, and Cisco using similar vectors.

The Anodot-to-Snowflake pivot underscores that even organizations with hardened internal environments remain exposed through third-party connectors that hold privileged access credentials

Security teams are advised to audit all SaaS integrations for least-privilege access, rotate authentication tokens regularly, and monitor for anomalous Snowflake query behavior as early indicators of lateral movement through third-party tooling.

Updated: April 14, 2026 — ShinyHunters has now published the dataset following Rockstar’s refusal to pay the ransom demand.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.