As reported by The Cybersec Guru, Rockstar Games has suffered a security breach of indeterminate scope by the group ShinyHunters. ShinyHunters has threatened to release the data if Rockstar does not pay a ransom, while the company has confirmed the validity of the claim in a statement to Cybersec Guru and Kotaku:
“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach," a Rockstar spokesperson wrote. "This incident has no impact on our organization or our players.”
ShinyHunters claim to have breached Rockstar's outsourced Snowflake cloud storage system by way of a third-party analytics tool, Anodot, which reportedly suffered its own breach recently. With authentication tokens from Anodot, ShinyHunters would not have needed to crack Snowflake's security directly.
They would have just been recognized as an authorized party and let in through the front door, like Agent 47 in a security guard outfit. ShinyHunters claims to have had access to Rockstar's database for a significant amount of time before it was realized anything was amiss.
"Your Snowflake instances were compromised thanks to Anodot.com. Pay or leak," ShinyHunters wrote in a post on their site. "This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline."
Feeling déjà vu here? You're not alone: We learned about GTA6 in the first place from the disastrous 2022 hack of Rockstar by a 17-year-old in Oxfordshire. To be Rockstar once again on the precipice of such a catastrophe a scant four years later? I can only quote Brass Eye: "This is the one thing we didn't want to happen."
If that hack was for love of the game, ShinyHunters look to be strictly business: According to Cybersec Guru, they've targeted the likes of Microsoft, Wattpad, Cisco, AT&T, and Ticketmaster in the past few years.
If I have one takeaway from this early stage of the story, it's the oblique path the hackers allegedly took to access Rockstar's data. It's almost trite to say at this point, but it's never some super-advanced ICE breaker, elite hacker console jockey business behind these headline security breaches.
It's your third-party software-as-a-service vendor having worse security than you do, the dumbest guy at your company plugging in a USB stick he found in the parking lot, or some bush league people finder outfit in Florida losing literally everybody's Social Security number. Isn't that comforting? No matter how secure you are, someone less careful than you is probably leaving you compromised.
