Rockstar Games data threat tied to third‑party access
Rockstar Games confirmed a data breach after the ShinyHunters group claimed access to internal data and issued a ransom threat, with reports linking the exposure to Snowflake data accessed via a third‑party tool (helpnetsecurity.com). Rockstar said there was no impact on players so far, but the incident highlights the risks posed by connected analytics and storage layers (gosugamers.net).
Rockstar Games said a third-party breach exposed a limited amount of company information, after ShinyHunters threatened to leak data unless it was paid by April 14. (ign.com) Rockstar told media outlets that the accessed data was “non-material” and said the incident had “no impact” on its operations or players. ShinyHunters posted its warning on April 11 and said Rockstar should “pay or leak” before April 14, 2026. (ign.com)

The reported path into Rockstar’s data did not start with Rockstar’s own network. Multiple reports said the group got in through Anodot, a software service that monitors cloud costs and analytics, then used stolen authentication tokens to reach Rockstar’s Snowflake data warehouse. (helpnetsecurity.com, theregister.com)

An authentication token works like a digital badge that lets one service talk to another without asking for a password every time. If attackers steal that badge from a connected vendor, they can sometimes enter a customer’s cloud account as if they were an approved internal tool. (theregister.com, ign.com)

That is the part companies have been dealing with across cloud software this month: not a break-in through one locked front door, but access passed along through a trusted connection. Snowflake told reporters that a small number of customers saw unusual activity tied to a specific third-party integration, and that Snowflake’s own systems were not directly compromised. (bleepingcomputer.com, rhisac.org)

Anodot’s public status page showed trouble on April 4, when it said Snowflake, Amazon Simple Storage Service, and Amazon Kinesis collectors were affected across regions. Later updates said alerts were working again, but data collectors were still offline on April 11. (status.anodot.com)

Reports tied Rockstar to a wider set of victims in the same campaign. BleepingComputer said more than a dozen companies were hit after attackers stole tokens from a breached software-as-a-service integration provider, while Help Net Security listed other recent ShinyHunters victims including the European Commission, Aura, and Salesforce. (bleepingcomputer.com, helpnetsecurity.com)

Rockstar has been here before, though through a different route. In 2022, early Grand Theft Auto VI footage leaked online after a separate intrusion, and in December 2023 the game’s first trailer appeared online before Rockstar published it officially. (ign.com, theregister.com)

As of April 14, Rockstar’s public position is still that players and operations were not affected. The open question is whether ShinyHunters releases anything beyond what Rockstar has described as limited internal company data. (gosugamers.net, computerweekly.com)