Rockstar Games Snowflake breach

Rockstar Games says hackers accessed a limited amount of company information through a third-party breach, and the studio says players were not affected. (kotaku.com) The hacking group ShinyHunters posted a ransom threat on April 11, saying Rockstar’s Snowflake data had been compromised and giving the company until April 14, 2026 to respond. The Register reported the post said the access came “thanks to Anodot.com,” a software company that connects to Snowflake data. (theregister.com) Rockstar told Kotaku that “a limited amount of non-material company information” was accessed “in connection with a third-party data breach” and that the incident has “no impact on our organization or our players.” That is the company’s first public description of the scope. (kotaku.com) Snowflake is a cloud data warehouse, which means companies store large pools of business data there and let other tools query it. In this case, the alleged path into Rockstar’s data ran through Anodot, which markets software for monitoring and analyzing Snowflake usage. (theregister.com) The incident lands after a wider wave of Snowflake-linked breaches in 2024 hit companies including Ticketmaster, Santander and AT&T. Senator Richard Blumenthal wrote in July 2024 that those thefts appeared connected to breaches of Snowflake client accounts. (blumenthal.senate.gov) Google-owned Mandiant said in June 2024 that a financially motivated group it tracks as UNC5537 used stolen credentials to access Snowflake customer instances, steal records and extort victims. Mandiant said the activity targeted customer environments rather than a breach of Snowflake’s own platform. (cloud.google.com) Snowflake later changed its defaults after those investigations. Cybersecurity Dive reported in August 2024 that multi-factor authentication would be enabled by default for newly created Snowflake accounts, after investigators said attackers had used stolen logins against customer environments. (cybersecuritydive.com) ShinyHunters has been tied to other high-profile extortion and data-sale cases in recent years, which is why a public “pay or leak” post gets immediate attention even before any files appear. As of April 13, Rockstar’s public position is that the accessed information was limited and not material. (theregister.com) That leaves two questions hanging over April 14: whether any data is published, and whether Rockstar or a partner says more about what was taken. For now, the company is framing the breach as a contained third-party incident rather than a hit to player accounts or game operations. (helpnetsecurity.com)