Cyber Incident Victim: Rockstar Games
Date:
Apr 2026
Location:
United States of America
Summary
Rockstar Games confirmed a third‑party data breach after hackers accessed its Snowflake cloud storage via a compromised Anodot analytics tool. The hacker group ShinyHunters demanded a ransom, released limited non‑material data such as GTA Online and Red Dead Online revenue metrics when the demand was not met, and stated that no GTA 6 material or player data was exposed. The company said the breach had no impact on its operations or players, and Take‑Two’s share price rose after the leak.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 4, 2026, Anodot reported that its data connectors stopped working, marking the start of a security breach that later allowed attackers to obtain authentication tokens from the service. ShinyHunters used those tokens as a digital passkey to enter Rockstar Games' Snowflake data warehouse, according to reporting from The CyberSec Guru. The attackers did not crack Snowflake’s encryption but leveraged the compromised Anodot integration to gain access. On April 11, 2026, Rockstar Games confirmed to multiple outlets that a limited amount of non-material company information had been accessed in connection with a third‑party data breach. The company’s statement emphasized that the incident had no impact on its organization or its players.
ShinyHunters issued a ransom demand on the same day, setting a deadline of April 14, 2026, and warning Rockstar to pay or face leakage of the stolen data along with several announced digital problems. The group posted its message on a dark web site, stating that Rockstar’s Snowflake instances were compromised thanks to Anodot.com and providing the final warning to reach out by the deadline. Instead of paying, Rockstar refused to meet the demand, and on April 13, 2026, ShinyHunters released the data they claimed to have stolen. The leaked files consisted mainly of metrics information about GTA Online and Red Dead Online, including daily and weekly revenue figures and details about specific countries’ spending habits, but did not contain any GTA 6 source code, assets, or player data. ShinyHunters also denied past reports that they were selling the data for $200,000 on Telegram, asserting that the information was never for sale.
Following the leak, Take-Two Interactive’s stock price rose from $202.26 to an intraday peak of $207.78 on April 14, 2026, before closing at $205.10. Rockstar maintained its position that the accessed information was non‑material and that the breach would not affect its operations or the player base. The company did not issue further comments on the leaked data after its release. This incident adds to Rockstar’s history of data breaches, which includes a 2022 compromise of its Slack channel by a teenager that resulted in the early leak of GTA 6 gameplay footage and assets. Snowflake detected unusual activity linked to the Anodot breach and subsequently cut off Anodot customers from their cloud storage as a protective measure.