Hackers claim breach of Rockstar Games via cloud analytics platform

Editor's note: This article was updated with comment from Rockstar Games at 11:40 a.m. EST on April 13.

The ShinyHunters cybercrime group has claimed responsibility for breaching systems linked to video game developer Rockstar Games, threatening to release stolen data if a ransom is not paid.

The group said it accessed Rockstar’s cloud-hosted data and warned the information would be leaked if the company fails to respond by April 14.

Rockstar Games confirmed that some company data had been accessed but downplayed the impact.

"We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach," the company said. "This incident has no impact on our organization or our players." 

ShinyHunters claimed on its dark web site that the breach involved data stored in Rockstar’s Snowflake cloud environment and that the intrusion occurred through Anodot, a cloud cost-monitoring and analytics platform used by companies to analyze their cloud infrastructure spending.

According to previous security reports, attackers allegedly obtained authentication tokens from Anodot that allowed them to access customer Snowflake accounts without directly breaching Rockstar or Snowflake systems. Anodot is an AI-driven analytics platform used by companies to track cloud spending and detect anomalies.

ShinyHunters did not specify what information it allegedly obtained from Rockstar, and it is unclear if the company is negotiating with the attackers.

The incident follows reports of a broader supply-chain compromise involving Anodot that may have exposed sensitive data belonging to multiple Snowflake customers. ShinyHunters recently claimed it had discovered authentication tokens belonging to the service, allowing it to access cloud environments used by more than a dozen organizations.

ShinyHunters is a financially motivated cybercrime group active since at least 2020. The group has previously claimed breaches of major companies across several industries. In January, it said it had hacked Match Group, the operator of dating platforms including Tinder, Hinge and OkCupid.

Rockstar Games, the developer behind the blockbuster Grand Theft Auto franchise, has previously faced high-profile cyber incidents. In 2022, a hacker leaked internal footage and development materials from the upcoming installment of the GTA series after breaching the company’s systems.

Video game developers have increasingly become targets for cybercriminals seeking valuable intellectual property and corporate data. Major studios including Activision Blizzard, Bandai Namco, Capcom, CD Projekt Red and Riot Games have all experienced cybersecurity incidents in recent years.

Additional reporting by Jonathan Greig.