Rockstar Games Data Breach: ShinyHunters Leaks 78.6 Million Records
Rockstar Games has suffered a significant data breach after the infamous threat group ShinyHunters leaked over 78.6 million internal records on April 14, 2026.
Supply-Chain Attack via Third-Party Platform
The incident did not involve a direct attack on Rockstar’s primary network infrastructure. Instead, the hackers executed a supply-chain attack through a third-party analytics platform, highlighting the escalating risk of integrated cloud services.
The breach originated from Anodot, an AI-driven cloud cost monitoring platform used by Rockstar to manage its digital footprint.
Attackers successfully extracted authentication tokens from Anodot’s infrastructure. Using these compromised tokens, ShinyHunters managed to impersonate legitimate internal services, allowing them to silently navigate into Rockstar’s connected Snowflake data warehouse.
Security experts noted that there were no vulnerabilities within Snowflake itself. The attackers simply used stolen credentials to gain trusted access, effectively bypassing traditional detection mechanisms.
Early Warning Signs
Warning signs appeared as early as April 4, when Anodot reported offline data collectors across several regions, suggesting the intrusion was already in motion before Rockstar was alerted.
Leaked Analytics Data
On April 11, ShinyHunters posted a ransom demand on their dark web portal, threatening to release the data if Rockstar did not negotiate by April 14.
Following standard law enforcement guidelines, Rockstar refused to pay the ransom, prompting the threat actors to publish the stolen archive online.
The leaked records primarily consist of a massive analytics dataset covering Grand Theft Auto Online (GTAO) and Red Dead Online (RDO).
The data exposes detailed financial metrics, revealing that GTAO generates roughly $500 million annually through subscriptions and microtransactions, according to CSN.
Platform breakdowns show the PlayStation 5 as the leading revenue driver with 3.47 million weekly active users, while total weekly active users for the game peak around 15.4 million.
Impact on Players
Despite the massive volume of leaked records, the breach does not pose a direct risk to user accounts. No player passwords, payment information, personally identifiable information, or source code for the highly anticipated GTA 6 were exposed.
A Rockstar spokesperson confirmed that only a limited amount of non-material company information was accessed, ensuring that the incident would not impact daily operations or the player base.
Security Lessons Learned
This breach serves as a stark reminder of the dangers associated with trusted SaaS integrations.
ShinyHunters has a history of exploiting third-party vectors, having previously targeted major corporations like Microsoft and AT&T using similar tactics.
Security teams are strongly advised to audit all SaaS integrations to enforce least-privilege access rules. Organizations must regularly rotate authentication tokens and closely monitor their Snowflake databases for unusual query behavior — which often serves as the first indicator of lateral movement.