The notorious cybercrime group ShinyHunters has claimed to have gained unauthorized access to Rockstar Games’ data through a third-party analytics tool. The group has issued an ultimatum, threatening to publicly leak all the compromised data if a ransom is not paid by April 14.
What Exactly Happened?
ShinyHunters has officially added Rockstar Games to its dark web leak platform. According to the group’s claims, they did not breach Rockstar’s internal systems directly. Instead, they targeted Anodot, a SaaS cloud-cost monitoring tool utilized by the studio. The attackers successfully extracted authentication tokens from Anodot that provided direct access to Rockstar’s Snowflake data warehouse.
By using these stolen tokens, the attackers were able to navigate Rockstar’s database posing as a legitimate internal service. Since the access closely resembled standard internal monitoring processes, it became significantly more difficult for Rockstar’s security team to detect any unusual activity.
What Data is at Risk?
According to the claims made by ShinyHunters, the compromised data potentially includes:
- Financial records (including revenue figures for GTA Online and Red Dead Online)
- Player spending data and geographic analytics
- Marketing timelines and business strategies
- Contracts and agreements with Sony, Microsoft, voice actors, and music labels
- Outsourcing agreements
As of right now, there is no evidence to suggest that individual player passwords or specific payment details have been leaked. However, maintaining a cautious approach is highly recommended.
How Did the Attack Occur?
Anodot is an AI-powered analytics platform widely used by corporations to monitor cloud expenditures and detect anomalies. To function effectively, such tools require deep and extensive access permissions to a company’s cloud infrastructure.
The attackers didn’t have to crack Snowflake’s encryption. By breaching Anodot’s systems, they managed to steal authentication tokens. These tokens act as digital keys, allowing software to communicate autonomously without requiring human password input. Because Rockstar’s Snowflake environment inherently trusted these tokens, the attackers essentially walked right through the front door.
Even more concerning is the claim that since the unauthorized access mimicked legitimate internal monitoring, ShinyHunters was reportedly able to run database exports for an extended period without triggering any immediate alarms.
Who Are the ShinyHunters?
Active since roughly 2020, ShinyHunters is a well-known hacker group that specializes in targeting corporate entities rather than individual users. Their past high-profile targets include Microsoft (where they claimed to have stolen 500GB of source code), Wattpad (270 million user records leaked), Cisco, AT&T, and Ticketmaster. The group has also been linked to the widespread wave of Snowflake-related credential thefts that caused significant disruptions throughout 2025.
Recent reports indicate that ShinyHunters is currently targeting over 400 companies through compromised Salesforce and Anodot integrations. Other prominent victims caught up in this recent wave reportedly include Cisco, Canadian telecommunications giant Telus, and Dutch provider Odido.
Not the First Time for Rockstar Games
This isn’t the first major cybersecurity incident for Rockstar Games. In 2022, a teenage hacker breached the studio’s Slack network, resulting in the leak of over 90 videos featuring in-development gameplay of GTA VI. This incident went down in history as one of the most significant data leaks the video game industry has ever seen.
During the subsequent court proceedings, the prosecutor emphasized the gravity of the situation, referring to the leaked material as “highly confidential data from a billion-dollar franchise.”
No Official Statement from Rockstar Yet
As of the time of writing, neither Rockstar Games nor its parent company, Take-Two Interactive, have issued an official statement regarding these claims. This silence aligns with their typical approach to handling ongoing cybersecurity investigations.
If the April 14 deadline passes and player data is indeed leaked, Rockstar could face serious legal and reputational consequences, including reporting obligations under GDPR and CCPA, potential class-action lawsuits, and a significant loss of consumer trust right before the highly anticipated launch of GTA VI.
What Should You Do About Your GTA Online Account?
Currently, there is no concrete evidence that individual player passwords or payment details were compromised. The breach seems strictly aimed at corporate and financial data. Nevertheless, if you haven’t already, now is the perfect time to enable Two-Factor Authentication (2FA) on your Rockstar Social Club account.
Note: Rockstar Games has not officially confirmed the scope of any breach or the validity of these claims.
GTA VI is currently scheduled to be released on November 19, 2026, for the PlayStation 5 and Xbox Series S|X. No official release date for the PC version has been provided yet.