Rockstar Games Faces New Extortion Attempt After Data Breach
Rockstar Games has confirmed a data breach involving a third-party provider, following claims from the hacking group ShinyHunters that the company is being targeted for extortion.
The incident involves the compromise of Rockstar’s Snowflake instances; Snowflake is a cloud-hosting and data provider. According to reports, the breach did not result from a direct compromise of Snowflake’s own security, but came through Anodot, a cloud cost monitoring and analytics software service used by Rockstar and other organizations to manage cloud data.
On April 11, 2026, ShinyHunters posted a message on its dark web leak site claiming access to these instances and demanding a digital ransom. The group set a deadline of April 14, 2026, for Rockstar to respond before the stolen data is published.
Confirmed Impact and Company Response
Rockstar Games has acknowledged the situation, though it characterizes the impact as limited. In a statement provided to Kotaku on April 11, 2026, a company spokesperson stated:

We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.
Rockstar Games spokesperson
Despite the company’s assertion that the data is non-material, the hacking group claims to possess a significant collection of sensitive internal information. ShinyHunters alleges that the compromised data includes financial records, player spending information, contracts with outside companies, and marketing timelines.
Technical Vector of the Attack
The breach highlights a growing trend in cybersecurity where attackers target third-party software-as-a-service (SaaS) providers to gain entry into the primary target’s environment. In this case, the vulnerability is linked to a reported security breach at Anodot.
By compromising Anodot, the attackers allegedly obtained the necessary credentials or access paths to reach Rockstar’s data stored on Snowflake. This method of attack allows hackers to appear legitimate to the target company’s security systems, making the breach more difficult to detect in real time.
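Because a session opened with an integration's own credentials authenticates successfully, detection has to rely on context such as where the login came from and which client made it. The following is an added example, not code from the article or from Rockstar, Snowflake or Anodot: it checks constructed login records against a baseline for a third-party integration account, and the account name, field names, networks and client labels are all assumptions.

```python
import ipaddress

# Hypothetical baseline: the integration's service account, the networks the
# vendor is expected to connect from, and the client type it normally reports.
INTEGRATIONS = {
    "SVC_COST_MONITOR": {
        "networks": [ipaddress.ip_network("198.51.100.0/24")],
        "clients": {"JDBC_DRIVER"},
    },
}

# Constructed login records (documentation-range IPs), not real telemetry.
LOGINS = [
    {"ts": "2025-01-01T02:00:05Z", "user": "SVC_COST_MONITOR", "ip": "198.51.100.10", "client": "JDBC_DRIVER", "ok": True},
    {"ts": "2025-01-02T02:00:04Z", "user": "SVC_COST_MONITOR", "ip": "198.51.100.11", "client": "JDBC_DRIVER", "ok": True},
    {"ts": "2025-01-03T14:37:51Z", "user": "SVC_COST_MONITOR", "ip": "203.0.113.77", "client": "PYTHON_DRIVER", "ok": True},
    {"ts": "2025-01-03T14:40:02Z", "user": "ANALYST_JANE", "ip": "203.0.113.5", "client": "WEB_UI", "ok": True},
    {"ts": "2025-01-03T15:00:00Z", "user": "SVC_COST_MONITOR", "ip": "not-an-ip", "client": "JDBC_DRIVER", "ok": True},
]


def review_logins(logins, integrations=INTEGRATIONS):
    """Return (record, reasons) for successful integration logins that break the baseline."""
    findings = []
    for rec in logins:
        profile = integrations.get(rec["user"])
        if profile is None or not rec["ok"]:
            continue  # only successful logins by known integration accounts
        reasons = []
        try:
            addr = ipaddress.ip_address(rec["ip"])
            if not any(addr in net for net in profile["networks"]):
                reasons.append("source outside vendor networks")
        except ValueError:
            reasons.append("unparseable source address")  # never treat as trusted
        if rec["client"] not in profile["clients"]:
            reasons.append("unexpected client type")
        if reasons:
            findings.append((rec, reasons))
    return findings


if __name__ == "__main__":
    for rec, reasons in review_logins(LOGINS):
        print(rec["ts"], rec["user"], rec["ip"], "->", "; ".join(reasons))
```

The same baseline doubles as a network allow-list for the integration account, so a credential taken from the vendor cannot be used from any other source.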
Context on ShinyHunters and Lapsus$
ShinyHunters is an established cybercrime group known for large-scale data theft and extortion. The group is linked to Lapsus$, an international extortion-focused hacker group that has previously targeted major technology companies including Samsung, Nvidia, and Microsoft.
Lapsus$ and its affiliates are known for using a variety of attack vectors, such as social engineering, SIM swapping, and MFA (multi-factor authentication) fatigue. The group often recruits accomplices via social media and uses platforms like Telegram to communicate with the public and leak stolen data.
This is not the first time Rockstar Games has dealt with high-profile leaks. In 2022, the company suffered a significant hack that resulted in the release of early gameplay footage and assets for Grand Theft Auto VI.
Summary of Alleged Stolen Data
- Financial records
- Player spending information
- Marketing timelines
- Corporate contracts with outside vendors
As of April 12, 2026, the deadline for the ransom payment remains April 14, 2026. While Rockstar Games maintains that the breach does not impact its players or core operations, the industry continues to monitor whether ShinyHunters will follow through with the threat to leak the internal company data.
