Rockstar Games Hacked: 78.6 Million Records Leaked After Third-Party Breach

Published: April 13, 2026 | 11:24 PM EDT

Rockstar Games confirmed a data breach after the hacking group ShinyHunters exploited a third-party integration to access the company's internal Snowflake data warehouse, ultimately leaking over 78.6 million records on April 14, 2026.

The breach did not result from a direct attack on Rockstar's infrastructure. Instead, ShinyHunters leveraged Anodot, an AI-powered cloud cost monitoring SaaS platform that Rockstar uses to manage its digital infrastructure. Attackers extracted authentication tokens from Anodot's systems, allowing them to impersonate a legitimate internal service and access Rockstar's connected Snowflake data warehouse.

No vulnerability in Snowflake itself was exploited. The stolen tokens provided trusted, seemingly legitimate access that initially evaded detection.

Anodot had flagged connectivity issues as early as April 4, noting that its data collectors were offline across regions including Snowflake, Amazon S3, and Amazon Kinesis. The timeline suggests the compromise was already underway before Rockstar was notified.

On April 11, ShinyHunters posted a warning on their dark web leak site demanding payment by April 14. When Rockstar declined to negotiate, consistent with law enforcement guidance against paying ransoms, the group released the stolen data.

The leaked archive contains 78.6 million records described as a multi-domain analytics dataset for GTA Online and Red Dead Online. The data reveals GTA Online generated approximately $500 million annually, driven by $7.3 million in weekly Shark Card sales and $2.3 million in GTA+ subscription revenue.

Platform breakdowns show PS5 as the top revenue driver with $4.49 million in weekly bookings and 3.47 million weekly active users, followed by Xbox Series X at $1.87 million weekly. Player activity metrics indicate GTA Online averaged 9.9 million weekly active users with peaks at 15.4 million, while Red Dead Online averaged 969,848 weekly users.

Critically, no player passwords, payment details, personally identifiable information, source code, or GTA 6 development assets were included in the leak.

A Rockstar spokesperson stated: "We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players."

ShinyHunters has previously breached Ticketmaster, AT&T, Microsoft, and Cisco using similar supply-chain attack vectors. The Anodot-to-Snowflake pivot demonstrates that even organizations with hardened internal environments remain exposed through third-party connectors holding privileged access credentials.

Security teams should audit all SaaS integrations for least-privilege access, rotate authentication tokens regularly, and monitor for anomalous Snowflake query behavior as early indicators of lateral movement through third-party tooling.

Sources: Cybersecurity News, Kotaku, IGN, BBC This story is developing.