ShinyHunters Claims Rockstar Games Breach via Anodot-Snowflake Integration
Threat group ShinyHunters has listed Rockstar Games on its leak site, alleging a data breach through a compromised Anodot-Snowflake integration. The group has set an April 14 deadline for the studio to respond to its ransom demands.
This incident follows Rockstar’s 2022 breach, where early Grand Theft Auto VI footage was leaked via a social engineering attack on its internal Slack. Unlike that incident orchestrated by an individual this latest threat appears to be part of a larger campaign targeting companies using cloud-based data warehousing and monitoring tools.
ShinyHunters, known for high-profile breaches at Ticketmaster, AT&T, and Microsoft, allegedly bypassed Rockstar’s security by exploiting an automated integration with Anodot, a third-party cloud-cost monitoring platform. The group claims to have accessed Rockstar’s Snowflake environment which stores analytical data and player telemetry by harvesting authentication tokens from Anodot. This method allows attackers to bypass multi-factor authentication using long-lived service tokens, a tactic ShinyHunters has increasingly employed since late 2025.
Rockstar is not the only target. The group has also listed Amtrak and McGraw Hill, claiming to have compromised over 100 million records through third-party Salesforce integrations. While Rockstar and its parent company, Take-Two Interactive, have yet to issue an official statement or regulatory disclosure, the breach if confirmed could expose sensitive corporate and player data. The April 14 deadline suggests the group may release the data if demands are unmet.
Rockstar Games cybersecurity rating report: https://www.rankiteo.com/company/rockstar-games
Take-Two Interactive cybersecurity rating report: https://www.rankiteo.com/company/take-2-interactive-software-inc-
Anodot by Glassbox cybersecurity rating report: https://www.rankiteo.com/company/anodot-ai
"id": "ROCTAKANO1775910501",
"linkid": "rockstar-games, take-2-interactive-software-inc-, anodot-ai",
"type": "Vulnerability",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Video Game Development',
'name': 'Rockstar Games',
'type': 'Company'},
{'industry': 'Video Game Publishing',
'name': 'Take-Two Interactive',
'type': 'Parent Company'},
{'industry': 'Transportation',
'name': 'Amtrak',
'type': 'Company'},
{'industry': 'Education Publishing',
'name': 'McGraw Hill',
'type': 'Company'}],
'attack_vector': 'Exploitation of third-party integration (Anodot-Snowflake)',
'data_breach': {'number_of_records_exposed': 'Over 100 million (across '
'multiple targets)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Corporate data',
'Player telemetry']},
'description': 'Threat group ShinyHunters has listed Rockstar Games on its '
'leak site, alleging a data breach through a compromised '
'Anodot-Snowflake integration. The group has set an April 14 '
'deadline for the studio to respond to its ransom demands. The '
'breach appears to be part of a larger campaign targeting '
'companies using cloud-based data warehousing and monitoring '
'tools.',
'impact': {'data_compromised': 'Sensitive corporate and player data',
'systems_affected': 'Snowflake environment (analytical data and '
'player telemetry)'},
'initial_access_broker': {'entry_point': 'Anodot-Snowflake integration'},
'investigation_status': 'Ongoing',
'motivation': 'Ransom',
'post_incident_analysis': {'root_causes': 'Exploitation of long-lived service '
'tokens in third-party '
'integrations'},
'ransomware': {'ransom_demanded': True},
'references': [{'source': 'ShinyHunters leak site'}],
'threat_actor': 'ShinyHunters',
'title': 'ShinyHunters Claims Rockstar Games Breach via Anodot-Snowflake '
'Integration',
'type': 'Data Breach',
'vulnerability_exploited': 'Authentication tokens harvested from Anodot, '
'bypassing multi-factor authentication'}