ShinyHunters, the hacking group behind several corporate breaches, claims to have accessed Rockstar Games‘ secured cloud servers and is demanding payment by April 14, 2026. The group posted details of the Rockstar Games hack to its dark web leak site on April 11, threatening a public data release if its demand goes unmet.
Reports from cybersecurity outlets Cybersec Guru and Hackread first covered the post, which read: “Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way.”
How the Rockstar Games hack happened
The attackers did not breach Snowflake directly. Instead, they exploited Anodot, a cloud cost monitoring service that Rockstar uses, to gain access to the company’s Snowflake environment. The data involved reportedly includes contracts, financial documents, and marketing plans. Player accounts, passwords, and payment information appear unaffected. Rockstar has not confirmed the exact scope of what was accessed.
The use of a third-party monitoring service as an entry point fits a pattern in recent enterprise breaches. Rather than targeting a company’s core infrastructure directly, attackers go after integrated tools and vendors that hold privileged access but receive less security scrutiny. The approach is harder to defend against because the breach originates outside the victim’s direct control.
Rockstar’s response
Rockstar Games confirmed the incident but described its scope as limited. The company said: “A limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”
The term “non-material” suggests the company does not consider the exposed information financially significant or subject to regulatory disclosure requirements.
ShinyHunters’ history
ShinyHunters has operated since 2020 and is linked to breaches at Microsoft, Ticketmaster, Cisco, AT&T, and Wattpad. The group posts stolen data to dark web forums and uses the threat of public releases to pressure companies into paying. In the Ticketmaster breach, the group claimed to have data on hundreds of millions of customers.
Some members have faced criminal charges in the United States. Despite that legal exposure, the group has continued operating under the ShinyHunters name.
Not Rockstar’s first breach
In September 2022, a teenager known online as “teapotuberhacker” breached Rockstar’s internal Slack and leaked early development footage of GTA 6. The attacker, identified as Arion Kurtaj, received an indefinite hospital order in the UK after a court found him unfit to stand trial. That breach involved game development footage rather than business records.
Rockstar has not said whether it intends to pay the ransom or what legal steps it is taking in response.