Rockstar Games has confirmed a major data breach after the hacking group ShinyHunters exploited a third-party SaaS integration with Anodot to gain unauthorized access to its internal Snowflake data warehouse.
The incident led to the leak of over 78.6 million records on April 14, 2026, raising fresh concerns about supply-chain cyberattacks, SaaS security risks, token-based authentication abuse, and data exposure in major gaming platforms like GTA Online and Red Dead Online.
The breach did not originate from a direct attack on Rockstar’s internal systems. Instead, attackers leveraged Anodot, an AI-powered cloud cost monitoring and analytics platform used by Rockstar, as the entry point. By extracting authentication tokens from Anodot’s systems, ShinyHunters successfully impersonated a trusted internal service and moved laterally into Rockstar’s connected Snowflake environment.
Importantly, no vulnerability within Snowflake itself was exploited. The attackers relied on valid authentication tokens, which granted legitimate-looking access and allowed the intrusion to initially go undetected.
Timeline and Attack Method
Anodot had already reported connectivity disruptions as early as April 4, 2026, noting that its data collectors were offline across multiple services, including Snowflake, Amazon S3, and Amazon Kinesis. This suggests the breach may have been in progress well before Rockstar became aware.
ShinyHunters is known for executing supply-chain attacks that target identity systems, API keys, and third-party integrations rather than exploiting software vulnerabilities directly. On April 11, 2026, the group issued a warning via its dark web leak site, claiming responsibility for the compromise and demanding payment to prevent data exposure.
When Rockstar refused to negotiate — aligning with global law enforcement guidance against paying ransoms — ShinyHunters confirmed it would release the stolen data and followed through on April 14.
What Data Was Leaked
The leaked archive reportedly contains 78.6 million records, described as a multi-domain analytics dataset tied to GTA Online (GTAO) and Red Dead Online.
Key insights from the leaked data include:
- GTA Online generates approximately $500 million annually
- Weekly revenue includes about $7.3 million from Shark Card sales and $2.3 million from GTA+ subscriptions
- PlayStation 5 leads platform revenue with $4.49 million in weekly bookings and 3.47 million weekly active users
- Xbox Series X follows with $1.87 million in weekly revenue
- GTA Online averages 9.9 million weekly active users, peaking at 15.4 million
- Red Dead Online averages roughly 970,000 weekly active users
Crucially, the leak does not include player passwords, payment information, personally identifiable information (PII), source code, or assets related to GTA 6.
Rockstar’s Response
In official statements to media outlets, Rockstar Games confirmed that only a limited amount of non-sensitive company data was accessed. The company emphasized that the breach has no impact on its operations or its player base.
Growing Threat of Supply-Chain Attacks
This incident highlights the increasing risk of supply-chain cyberattacks through trusted SaaS integrations. ShinyHunters has previously targeted major organizations using similar tactics, focusing on credential theft and token misuse rather than traditional system exploits.
The Anodot-to-Snowflake attack path demonstrates how even well-secured organizations can be exposed through third-party services that maintain privileged access.
Security Recommendations
To mitigate similar risks, security teams should:
- Audit all third-party SaaS integrations for least-privilege access
- Regularly rotate authentication tokens and API keys
- Monitor for unusual query patterns in Snowflake environments
- Implement stricter identity and access management controls across integrations
Updated: April 14, 2026 — ShinyHunters has officially published the dataset following Rockstar’s refusal to pay the ransom demand, marking another high-profile example of modern supply-chain compromise.
