- ShinyHunters ransomware group targets Rockstar Games, demands payment.
- Rockstar Games confirms data breach via third-party vendor.
- Hackers accessed data through cloud monitoring tool vulnerability.
A ransomware group known as ShinyHunters has added Rockstar Games to its dark web leak site, threatening to publish or sell stolen data if the gaming giant does not pay up. Rockstar Games has confirmed the breach, linking it to a third-party vendor, and says only a limited amount of non-material company information was accessed.
The company maintains that the incident has no impact on its operations or players. The deadline set by the hackers is April 14, 2026.
How Did ShinyHunters Get Into Rockstar Games’ Systems?
According to a report by The Cybersecurity Guy, the attack was not a direct hit on Rockstar Games itself. Instead, hackers targeted a SaaS cloud-cost monitoring tool used by the company.
That breach allowed them to grab authentication tokens, which they then used to access a third-party managed cloud-native data platform connected to Rockstar, moving through it as if they were a legitimate internal service.
ShinyHunters, also tracked under the name UNC6040, is no stranger to high-profile breaches. Google’s Threat Intelligence Group had previously confirmed that the group successfully hacked one of its databases and stole user data.
The group’s leak site posting named the tools involved directly: “Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way.”
What Did Rockstar Games Say About the Breach?
A Rockstar Games spokesperson responded with a brief but firm statement: “We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organisation or our players.”
The exact nature of what was stolen has not been confirmed. The Cybersecurity Guy has since advised organisations to rotate authentication tokens regularly, noting: “Automated rotation means a stolen token becomes useless fast.”
