Rockstar breach via third party
Rockstar Games confirmed a data breach after the ShinyHunters group claimed access and issued a ransom demand, with reports saying attackers reached Snowflake metrics via a third‑party tool called Anodot. Rockstar described the breach as limited and said players and core systems were unaffected. (helpnetsecurity.com) (theregister.com) (gosugamers.net)
Rockstar Games says a third-party breach exposed some company data, while the ShinyHunters extortion group says it will leak what it stole after a failed ransom demand. (theregister.com) Rockstar told Kotaku and other outlets that “a limited amount of non-material company information” was accessed and said the incident has “no impact on our organization or our players.” The company did not say what data was taken. (helpnetsecurity.com) The attackers said they reached Rockstar’s Snowflake data warehouse through Anodot, a software service that watches cloud costs and performance. Reports on April 13 said the group claimed it reused authentication tokens from that connection rather than breaking into Snowflake directly. (helpnetsecurity.com) (theregister.com) That matters because this was described as a supply-chain style breach, where a company is hit through a connected vendor instead of its own front door. In plain terms, a trusted software bridge appears to have become the path into Rockstar’s data. (theregister.com) ShinyHunters posted its “pay or leak” warning on April 11 and set April 14, 2026, as the deadline to make contact. By April 13, the group was telling the BBC and other outlets that Rockstar had not met its demands and the data would be published. (helpnetsecurity.com) (bbc.co.uk) (ign.com) Anodot’s own status page showed trouble before the breach became public. On April 4, it reported that Snowflake, Amazon Simple Storage Service, and Amazon Kinesis collectors were not retrieving samples, and later said all data collectors were not working. (status.anodot.com) Rockstar is under extra scrutiny because it is already one of gaming’s most leak-hit studios. In 2022, more than 90 early Grand Theft Auto VI videos and images were posted online after a separate breach tied to the Lapsus$ group. (theregister.com) (ign.com) This time, Rockstar’s public line is narrower: limited company information, no player impact, no operational disruption. The next test is whether any leaked files contradict that description once the ransom deadline passes. (helpnetsecurity.com) (bbc.co.uk)
