Rockstar Games Hacked: Millions of Business Records Stolen in Ransomware Attack

Rockstar Games, the developer of the Grand Theft Auto series, has been targeted by a cyberattack resulting in the theft of approximately 78.6 million business records. The hacking group known as ShinyHunters claimed responsibility for the breach, stating that the data was exfiltrated from the company’s account with the corporate data management firm Snowflake.

The breach was not a direct compromise of Rockstar Games’ internal systems or the Snowflake platform itself. Instead, the attackers gained access through a compromise of Anodot, an AI-powered business analytics platform. This third-party vulnerability allowed the group to access Rockstar’s data stored within Snowflake.

Technical Scope and Data Exposure

According to reporting from Bleeping Computer, the stolen data consists of business-centric records rather than individual player account credentials. The compromised information includes in-game revenue and purchase metrics, game economy data and player behavior tracking for the titles Red Dead Online and Grand Theft Auto Online.

A representative for ShinyHunters confirmed to Reuters on April 13, 2026, that they hold 78.6 million records. The group issued a final warning on their website, demanding a ransom payment by April 14, 2026, to prevent the public leak of the confidential data.

Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. What we have is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.

ShinyHunters

Corporate Responses

Rockstar Games has downplayed the severity of the incident. A spokesperson for the company stated that the breach involved a limited amount of non-material company information and asserted that the incident has no impact on our organisation or our players.

Snowflake clarified that the event was not a compromise of Snowflake’s platform or environment, but rather a result of a compromise of Anodot. Upon discovering the unusual activity, Snowflake proactively disabled all user accounts that referenced Anodot to prevent further unauthorized connections.

Threat Actor Profile and Context

ShinyHunters is described as a prolific group of English-speaking cybercriminals, believed to be in their teens, who specialize in data theft and extortion. The group frequently exploits API keys, user sessions, and third-party integrations to gain access to corporate environments. They have previously claimed responsibility for a breach targeting the ticket operator Ticketmaster.

This incident marks the second significant security breach for Rockstar Games in recent years. In 2022, an individual hacker accessed internal development channels, leaking nearly 100 early gameplay videos for Grand Theft Auto VI and allegedly acquiring the source code for both Grand Theft Auto V and Grand Theft Auto VI.

Law enforcement agencies generally advise against paying ransoms to cybercriminal groups, as such payments fuel the industry and provide no guarantee that stolen data will be deleted.