Rockstar Games confirms it was hacked by malicious group — 'ShinyHunters' takes credit, gives until April 14 to pay ransom or risk leaking confidential data, 'ShinyHunters'

Rockstar Games seems to have been hacked yet again, this time by the popular group "ShinyHunters" that has also compromised other large companies before. The attack was first spotted by Cybersec Guru, who later got a quote from a Rockstar spokesperson confirming it had been breached. The group has stolen confidential data and is holding the company at ransom for it, with a payment deadline set for April 14.

"Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.” — ShinyHunters on their website.

There is little info as to what this data includes (or the ransom amount) since most of the conversation is cordoned off to the dark web, where such sales often occur. Previously, Rockstar was hacked in 2022, where a single person was able to access internal development channels and acquire nearly 100 early gameplay videos for GTA VI, including, allegedly, the source code for both GTA VI and GTA V.

Article continues below

ShintyHunters, in contrast, is a group that operates less traditionally and often exploits API keys, user sessions, and third-party integrations to get inside more legitimately. In this instance, they were able to hijack the company's Anodot, which is an analytics and monitoring tool many businesses use to track finances. Anodot is connected to the firm's cloud infrastructure, which is "Snowflake" in Rockstar's case.

The group didn't break Snowflake's security; they instead extracted authentication tokens from Anodot to pass as regular users and access Snowflake accounts. Once in, they easily stole the data, which likely doesn't include passwords or sensitive player info, and perhaps not even bits from active game development. Still, there will be confidential corporate data that Rockstar doesn't want to float around otherwise.

Snowflake is not just used by Rockstar. Many other companies that integrate it via Anodot have been compromised by ShinyHunters in the past few months as well. Rockstar seems to be part of a broader wave of extortion-related hacks that go beyond any ideological pursuits, such as the recent Spotify breach. In any case, if the ransom isn't paid by April 14, the malicious group will release the stolen data publicly.

Rockstar's spokesperson has told multiple outlets the hackers only took "non-material company information" and that the overall attack doesn't impact "our organization or our players.” That implies maybe the ransom doesn't need to be paid, since the data doesn't have any meaningful value and players aren't affected, or it could just be damage control.

Realistically, we could get insight into some interesting spending habits inside the firm in case the data is released. How the marketing for the game is being shaped behind the scenes, its costs, or a potential delayed release window that hasn't been announced yet. Ironically, considering GTA VI is due in a few months, any cybersecurity lapses at Rockstar only exacerbate the players' worries of said potential delay.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.