ShinyHunters claims Rockstar Games data breach

The breach came via a third-party software provider

A hacking group claims to have accessed internal data belonging to Rockstar Games through a breach involving a third-party software provider.

Rockstar, maker of the Grand Theft Auto games, joins ShinyHunters’ past big-name trophies, which include the likes of Pandora, Match Group and the European Commission.

ShinyHunters has listed Rockstar on its dark web leak site and says it will release the data unless the firm pays a ransom by 14th April.

Rockstar confirmed that a breach had taken place but sought to reassure players and partners.

"We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organisation or our players," a spokesperson told thecybersecguru.

According to the attackers’ claims, the breach did not involve direct intrusion into Rockstar's systems or its cloud data provider, Snowflake. Instead, they say they exploited access through Anodot, a software tool companies use to analyse cloud spending and performance.

Such platforms require extensive access to internal systems. In this case, ShinyHunters apparently obtained authentication tokens – digital credentials that software systems use to communicate securely without repeated logins.

Because Rockstar's systems trusted these credentials, the attackers were able to access its Snowflake environment in a way that appeared legitimate.

This type of access can be difficult to detect, as activity may resemble normal automated processes rather than malicious behaviour.

What could be at risk

Rockstar is one of the world's most prominent game developers, best known for the Grand Theft Auto series, including the upcoming Grand Theft Auto VI.

There is currently no evidence that player passwords or payment information have been compromised.

However, if attackers did gain access to internal data systems, the potential exposure could include financial records, development timelines, analytics data and commercial agreements.

In that case, Rockstar could face regulatory scrutiny under data protection laws across multiple jurisdictions. The timing may also prove significant, coming ahead of a major product launch in a highly competitive industry.

Extortion-as-a-service model

ShinyHunters has previously been linked to high-profile breaches affecting firms such as Microsoft, AT&T and Ticketmaster, often focusing on exploiting APIs and identity systems rather than direct system attacks.

The group operates an extortion-as-a-service model, in which stolen data is used to pressure companies into paying ransoms.

Last year, reports emerged that the ShinyHunters group had teamed up with the Crimson Collective to intensify extortion campaigns against a major enterprise software company. The debut of a new leak portal suggested the group was formalising its extortion network and openly hosting operations for affiliated hackers.

Third-party risk in focus

The incident appears to be part of a broader wave of attacks targeting companies through third-party integrations. Organisations including Cisco and Telus have also been named in connection with similar activity.

While platforms like Snowflake may remain secure, vulnerabilities in connected tools can provide indirect pathways for attackers. Companies increasingly rely on such integrations, which can create trusted access points that become attractive targets.

Experts recommend that users enable extra security measures, such as two-factor authentication, as a precaution.