Rockstar Games has confirmed a data breach after the hacking group ShinyHunters gained access to the company’s internal Snowflake data warehouse through a third party integration, with more than 78.6 million records later leaked on April 14, 2026. The company said the incident involved a limited amount of non material company information and stated that it had no impact on its organization or its players.
Third Party Access Route Emerges
The breach did not originate from a direct attack on Rockstar’s own infrastructure. The exposed material indicates that the attackers used Anodot, an AI powered cloud cost monitoring and analytics SaaS platform used by Rockstar to manage parts of its digital infrastructure.
Authentication tokens were reportedly extracted from Anodot’s systems, allowing the attackers to impersonate a legitimate internal service and move into Rockstar’s connected Snowflake data warehouse. No vulnerability in Snowflake itself was said to have been exploited, with the tokens instead providing access that appeared legitimate and initially avoided detection.
FCRF Returns With CDPO, Its Premier Data Protection Certification for Privacy Professionals
Anodot had itself flagged connectivity issues as early as April 4, noting that its data collectors were offline across regions, including Snowflake, Amazon S3, and Amazon Kinesis. The timeline suggests the compromise may already have been under way before Rockstar became aware of it.
Leak Claims and Commercial Data Exposure
On April 11, 2026, ShinyHunters posted a warning on its dark web leak site saying Rockstar’s Snowflake instances had been compromised through Anodot and demanding payment to prevent a leak. The group added that failure to respond by April 14 would result in the release of the data along with what it described as several annoying digital problems. After Rockstar declined to negotiate, the group told the BBC it would release the stolen data.
Rockstar Under Pressure After Hacker Group ‘ShinyHunters’ Threatens Data Leak By April 14
The leaked archive is described as a multi domain analytics dataset used for GTA Online and Red Dead Online. Figures presented in the leak state that GTA Online generated about $500 million annually, driven by roughly $7.3 million in weekly Shark Card sales and $2.3 million in GTA+ subscription revenue. Platform level breakdowns cited in the same material identify PS5 as the top revenue driver with $4.49 million in weekly bookings and 3.47 million weekly active users, followed by Xbox Series X at $1.87 million weekly.
Player activity figures in the leaked data show GTA Online averaging 9.9 million weekly active users and peaking at 15.4 million, while Red Dead Online averaged 969,848 weekly active users.
Rockstar Seeks to Reassure Players
Rockstar said no player passwords, payment details, personally identifiable information, source code, or GTA 6 development assets were part of the leak. In a statement issued to multiple outlets, including Kotaku and IGN, a spokesperson said the company could confirm that only a limited amount of non material company information had been accessed in connection with a third party data breach.
The incident draws renewed attention to the risks posed by trusted SaaS integrations and third party connectors that hold privileged access credentials. Security teams were advised to audit SaaS integrations for least privilege access, rotate authentication tokens regularly, and watch for unusual Snowflake query behaviour as a possible sign of lateral movement through third party tooling.
