Hackers threaten Rockstar data leak after ransom refusal

Tuesday 14 April 2026 - 09:40

By: Dakir Madiha

Hackers threaten Rockstar data leak after ransom refusal

The hacking group ShinyHunters says it will release stolen data from Rockstar Games after the company declined to meet ransom demands, setting up a potential leak tied to an April 14 deadline.

The breach did not originate from Rockstar’s internal systems. Instead, attackers exploited a third-party service, Anodot, which Rockstar uses to monitor data warehouse performance on Snowflake. By extracting authentication tokens from Anodot’s compromised infrastructure, the group gained access to Rockstar’s Snowflake environment while appearing as legitimate internal activity, delaying detection.

According to BleepingComputer, the broader campaign affected more than a dozen Snowflake customers. The attackers claim to have accessed data from multiple companies through tokens obtained via Anodot. Snowflake confirmed that the breach stemmed from a compromised integration partner and stated its own systems were not directly affected. Anodot, acquired by Glassbox in 2025, took its connectors offline globally as the incident unfolded.

Rockstar downplayed the impact in a statement shared with Kotaku, saying only limited, non-sensitive corporate data was accessed and that neither its operations nor players were affected.

ShinyHunters presented a different account. In a message posted on its dark web leak site on April 11, the group warned Rockstar to pay or face full disclosure of the data. The hackers claim the material includes internal financial documents, marketing plans, and analytics, rather than player credentials or personal data.

In comments to the BBC, the group said Rockstar had refused to negotiate and confirmed plans to publish the data, possibly before the stated deadline. The BBC described ShinyHunters as a prolific, English-speaking cybercrime group known for data theft and extortion.

The incident follows a pattern for Rockstar, which faced a major breach in 2022 when early footage of Grand Theft Auto VI was leaked by a teenage hacker later sentenced to indefinite hospital detention.

ShinyHunters has been active since 2020 and has previously been linked to breaches involving Microsoft, Ticketmaster, and AT&T. Google Threat Intelligence Group said it is monitoring the Anodot-related campaign but declined to provide further details.