NEWS

Rockstar Games gets a taste of grand theft data

ShinyHunters claims it accessed Snowflake metrics via third-party tool ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn't so much hack its way in as walk through a door someone else left wide open.…

By The Register

• April 13, 2026 at 10:41 AM

Rockstar Games gets a taste of grand theft data Photo: The Register

ShinyHunters claims it accessed Snowflake metrics via third-party tool
ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn't so much hack its way in as walk through a door someone else left wide open.

The crew's post, seen by The Register , is about as subtle as a brick through a window: "Rockstar Games.

Your Snowflake instances metrics data was compromised thanks to Anodot.com.

Pay or leak.

This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way.

Make the right decision, don't be the next headline."
Grand Theft Auto developer Rockstar didn't respond to The Register 's questions, but issued a short statement to Kotaku confirming that "a limited amount of non-material company information" was accessed via a third-party breach, adding that there's no impact on players or operations.

The company didn't say what kind of data was compromised, who was responsible for the attack, or whether a ransom demand was made.

ShinyHunters is also keeping quiet about how much data it's sitting on and what exactly it managed to lift.

However, if the group's claims are to be believed, the way in wasn't via Snowflake itself, but through Anodot, a cloud cost-monitoring tool connected to Rockstar's data warehouse.

The claim is that authentication tokens were lifted and reused, allowing intruders to masquerade as a legitimate internal service.

If the claims are valid, that means there would have been no clever exploit chain – just valid credentials being used as intended, only by someone who shouldn't have them.

If that's how this played out, it would have looked like business as usual – just background noise that security teams are trained to ignore.

While Rockstar is far from the group's only claimed victim, this isn't the company's first run-in with unwanted guests either.

Back in 2022, the company was blindsided by a breach that dumped early GTA VI footage all over the internet after a teenager was accused of talking his way into its Slack.

The attacker, an 18-year-old from Oxford, was later handed an indefinite hospital order and will only be released if doctors decide he's no longer a risk.