Cyber News & CTI Reports :: 2026-04-13 | Stolen Rockstar Games analytics data leaked by extortion gang

2026-04-13 | Stolen Rockstar Games analytics data leaked by extortion gang

1. AI Summary

Rockstar Games suffered a data breach through authentication tokens stolen in an Anodot security incident; the ShinyHunters extortion gang has leaked 78.6 million records. The tokens were used to access Snowflake, S3, and Kinesis. There was no impact on player data, but analytics and support information was exposed.

2. IOCs

| IOC Type | Value | Description | Relevant MITRE ATT&CK Techniques |
|---|---|---|---|
| Domain | anodot.com | Anodot, the anomaly detection company whose breach provided stolen tokens. | T1078.004, T1048 |
| Domain | shinyhunters.extortion.site | Data leak site where stolen Rockstar Games data is displayed. | T1048, T1078 |
| Domain | snowflakecomputing.com | Snowflake cloud data warehouse platform accessed using stolen tokens. | T1078.004, T1133 |

3. MITRE ATT&CK

| Code | Title |
|---|---|
| T1078.003 | Account Manipulation – external shared account (Snowflake) accessed with stolen tokens |
| T1566.001 | Phishing: Spearphishing Attachment - Phishing – initial compromise inferred via Anodot security incident |
| T1078.004 | Cloud Account – compromised Snowflake account |
| T1048 | Exfiltration Over Web Services – data posted to extortion site |
| T1078 | Valid Accounts – use of stolen credentials for cloud services |
| T1041 | Exfiltration Over C2 Channel – off-site data transfer via internet |
| T1105 | Ingress Tool Transfer – potential upload of stolen data to extortion site |
| T1133 | External Remote Services – access to Snowflake and S3 |
| T1059.001 | Command and Scripting Interpreter: PowerShell - Command Shell – commands to transfer data |
| T1140 | Deobfuscate/Decode Files or Information – revealing analytics data |

4. Targets

| Type | Value |
|---|---|
| Company | Rockstar Games |

5. Article Details

6. Original text

Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. The threat actors claim the data was taken from Snowflake environments using authentication tokens stolen during a recent Anodot security incident. They have now published what they say is Rockstar Games data containing more than 78.6 million records.

"Your Snowflake instances metrics data was compromised thanks to anodot.com," reads a listing on the ShinyHunters extortion site.

[Image: Rockstar Games listed on ShinyHunters extortion site. Source: BleepingComputer]

Rockstar Games did not respond to multiple requests for comment about the breach from BleepingComputer. However, in a statement shared with Kotaku, the company confirmed that it suffered a data breach. "We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach," Rockstar told Kotaku. "This incident has no impact on our organization or our players."

The threat actors told BleepingComputer that the leaked data primarily consists of internal analytics used to monitor Rockstar's online services and support tickets. This data allegedly includes in-game revenue and purchase metrics, player behavior tracking, and game economy data for Grand Theft Auto Online and Red Dead Online. The datasets also appear to contain customer support analytics for the company's Zendesk support instance. In a file list shown to BleepingComputer, there were references to fraud detection systems and anti-cheat model testing.

The incident is part of a larger data theft campaign linked to a recent security incident at Anodot, a data anomaly detection company that integrates with a wide range of SaaS cloud platforms.

As first reported by BleepingComputer, the threat actors stole authentication tokens from the service and used them to access customer data stored in connected Snowflake, S3, and Amazon Kinesis instances. Snowflake confirmed to BleepingComputer last week that it had detected unusual activity affecting a small number of customer accounts tied to a third-party integration, and responded by locking down the affected accounts and notifying customers. The company later confirmed that the third-party integration company was Anodot. The ShinyHunters group told BleepingComputer it was behind the attacks and claimed to have stolen data from dozens of companies using the compromised tokens.

Rockstar Games previously suffered a breach in 2022 when a hacker associated with the Lapsus$ extortion group leaked Grand Theft Auto 6 gameplay videos and source code.