In Brief:
- Hacking group ShinyHunters says it breached Rockstar Games’ Snowflake data warehouse by exploiting a compromised third-party tool called Anodot, and has set an April 14 deadline for the company to pay a ransom or face a data leak.
- The stolen data reportedly includes financial records, player spending analytics, marketing timelines and contracts with Sony, Microsoft, voice actors and music licensors.
- Rockstar confirmed the breach but told outlets the attackers accessed only “non-material company information” and that neither the organization nor its players are affected.
Rockstar Games is facing its second data breach in four years. Hacking group ShinyHunters posted the GTA 6 developer on its dark web leak site on April 11, claiming it accessed Rockstar’s cloud data and demanding ransom payment by April 14.
The group didn’t go through Rockstar directly. ShinyHunters said it exploited Anodot, a SaaS cloud-cost monitoring platform that Rockstar uses to track infrastructure spending. Anodot holds deep permissions on its clients’ cloud systems to function properly, and ShinyHunters reportedly harvested authentication tokens from Anodot’s compromised environment to access Rockstar’s Snowflake data warehouse without triggering alarms.
“Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline,” the group wrote.
Snowflake confirmed to BleepingComputer that Anodot had suffered a security incident and that a small number of customers were affected.
What was accessed
The data at risk is corporate, not consumer-facing. According to reporting from multiple cybersecurity outlets, the breach potentially exposed financial records from GTA Online and Red Dead Online, player spending habits and geographic analytics, marketing timelines for GTA 6 and contractual agreements with Sony, Microsoft, voice actors and music labels.
There is no evidence that individual player passwords or payment information were taken. The breach appears focused on corporate-level records rather than user accounts.
Rockstar’s response
A Rockstar spokesperson confirmed the breach to multiple outlets, telling Tom’s Hardware that hackers took only “non-material company information” and that the attack doesn’t affect “our organization or our players.”
Neither Rockstar nor parent company Take-Two Interactive has said whether it intends to pay the ransom. GTA 6 remains scheduled for November 19, 2026 on PlayStation 5 and Xbox Series S|X, with no PC release date announced.
Second breach in four years
This isn’t Rockstar’s first time dealing with a hack. In 2022, an 18-year-old named Arion Kurtaj breached the company through its internal Slack channel and leaked over 90 in-development GTA 6 gameplay videos in one of the gaming industry’s most high-profile security incidents.
ShinyHunters is a well-known threat group with a history of large-scale breaches. The group previously hit Ticketmaster, AT&T and Microsoft. Earlier in 2026, it claimed to have obtained Salesforce-linked data tied to more than 400 companies and published data from 26 of them. Amtrak and McGraw Hill were also named as targets in the broader campaign.
The attacks were carried out over the Easter and Passover bank holiday period, which may have slowed detection and response. The April 14 deadline gives Rockstar less than three days to respond. ShinyHunters has followed through on similar threats before.