Rockstar Games gets a taste of grand theft data amid ShinyHunters threat of 'Pay or leak'
(2026/04/13)
- Reference: 1776076868
- News link: https://www.theregister.co.uk/2026/04/13/shinyhunters_rockstar_breach/
- Source link:
ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn't so much hack its way in as walk through a door someone else left wide open.
The crew's post, seen by The Register , is about as subtle as a brick through a window: "Rockstar Games. Your Snowflake instances metrics data was compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline."
Grand Theft Auto developer Rockstar didn't respond to The Register 's questions, but issued a short statement to [1]Kotaku confirming that "a limited amount of non-material company information" was accessed via a third-party breach, adding that there's no impact on players or operations.
[2]
The company didn't say what kind of data was compromised, who was responsible for the attack, or whether a ransom demand was made. ShinyHunters is also keeping quiet about how much data it's sitting on and what exactly it managed to lift.
[3]
However, if the group's claims are to be believed, the way in wasn't via Snowflake itself, but through Anodot, a cloud cost-monitoring tool connected to Rockstar's data warehouse. The claim is that authentication tokens were lifted and reused, allowing intruders to masquerade as a legitimate internal service.
[4]'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
[5]Smooth criminals talking their way into cloud environments, Google says
[6]Outsourcer Telus admits to attack – may have lost a petabyte of data to ShinyHunters
[7]ShinyHunters claims more high-profile victims in latest Salesforce customers data heist
If the claims are valid, that means there would have been no clever exploit chain – just valid credentials being used as intended, only by someone who shouldn't have them. If that's how this played out, it would have looked like business as usual – just background noise that security teams are trained to ignore.
ShinyHunters, meanwhile, isn't new to this game. The group has built a reputation on going after APIs, identity systems, and SaaS integrations rather than battering away at hardened perimeters. The miscreants have been linked to a wider run of breaches abusing SaaS integrations and stolen tokens, with victims including Cisco and Telus, pointing to a broader trawl through shared access rather than a one-off hit.
While Rockstar is far from the group's only claimed victim, this isn't the company's first run-in with unwanted guests either. Back in 2022, [8]the company was blindsided by a breach that dumped early GTA VI footage all over the internet after a teenager was accused of talking his way into its Slack. The attacker, an 18-year-old from Oxford, was [9]later handed an indefinite hospital order and will only be released if doctors decide he's no longer a risk. ®
Get our [10]Tech Resources
[1] https://kotaku.com/rockstar-games-reportedly-hacked-massive-data-leak-ransom-gta-6-shinyhunters-2000686858
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ad0TJuifw2c4CIwlp2A2-AAAABA&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ad0TJuifw2c4CIwlp2A2-AAAABA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://www.theregister.com/2026/04/09/several_dozen_highvalue_corporations_targeted/
[5] https://www.theregister.com/2026/03/23/voice_phishing_skyrockets_as_smooth/
[6] https://www.theregister.com/2026/03/15/telus_breach_starbucks_attack/
[7] https://www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/
[8] https://www.theregister.com/2022/09/19/grand_theft_auto_6_hacked/
[9] https://www.bbc.co.uk/news/technology-67663128
[10] https://whitepapers.theregister.com/
The crew's post, seen by The Register , is about as subtle as a brick through a window: "Rockstar Games. Your Snowflake instances metrics data was compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that'll come your way. Make the right decision, don't be the next headline."
Grand Theft Auto developer Rockstar didn't respond to The Register 's questions, but issued a short statement to [1]Kotaku confirming that "a limited amount of non-material company information" was accessed via a third-party breach, adding that there's no impact on players or operations.
[2]
The company didn't say what kind of data was compromised, who was responsible for the attack, or whether a ransom demand was made. ShinyHunters is also keeping quiet about how much data it's sitting on and what exactly it managed to lift.
[3]
However, if the group's claims are to be believed, the way in wasn't via Snowflake itself, but through Anodot, a cloud cost-monitoring tool connected to Rockstar's data warehouse. The claim is that authentication tokens were lifted and reused, allowing intruders to masquerade as a legitimate internal service.
[4]'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
[5]Smooth criminals talking their way into cloud environments, Google says
[6]Outsourcer Telus admits to attack – may have lost a petabyte of data to ShinyHunters
[7]ShinyHunters claims more high-profile victims in latest Salesforce customers data heist
If the claims are valid, that means there would have been no clever exploit chain – just valid credentials being used as intended, only by someone who shouldn't have them. If that's how this played out, it would have looked like business as usual – just background noise that security teams are trained to ignore.
ShinyHunters, meanwhile, isn't new to this game. The group has built a reputation on going after APIs, identity systems, and SaaS integrations rather than battering away at hardened perimeters. The miscreants have been linked to a wider run of breaches abusing SaaS integrations and stolen tokens, with victims including Cisco and Telus, pointing to a broader trawl through shared access rather than a one-off hit.
While Rockstar is far from the group's only claimed victim, this isn't the company's first run-in with unwanted guests either. Back in 2022, [8]the company was blindsided by a breach that dumped early GTA VI footage all over the internet after a teenager was accused of talking his way into its Slack. The attacker, an 18-year-old from Oxford, was [9]later handed an indefinite hospital order and will only be released if doctors decide he's no longer a risk. ®
Get our [10]Tech Resources
[1] https://kotaku.com/rockstar-games-reportedly-hacked-massive-data-leak-ransom-gta-6-shinyhunters-2000686858
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ad0TJuifw2c4CIwlp2A2-AAAABA&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ad0TJuifw2c4CIwlp2A2-AAAABA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://www.theregister.com/2026/04/09/several_dozen_highvalue_corporations_targeted/
[5] https://www.theregister.com/2026/03/23/voice_phishing_skyrockets_as_smooth/
[6] https://www.theregister.com/2026/03/15/telus_breach_starbucks_attack/
[7] https://www.theregister.com/2026/03/09/shinyhunters_claims_more_highprofile_victims/
[8] https://www.theregister.com/2022/09/19/grand_theft_auto_6_hacked/
[9] https://www.bbc.co.uk/news/technology-67663128
[10] https://whitepapers.theregister.com/
modern business nutts!
cookiecutter
so lets shovel everything into the cloud, sing a layer of that that didn't used to exist, then let's have to buy management SaaS provision because Cloud is specifically designed to be impossible to predict costs, then let's add offshoring, outsourcing , devops using anything with s dumb name that turns up on github or the CNCF, widening that attack structure
then everyone who one day says "IT have to do more with less" & "move fast break things" - suddenly cry like little kids when stuff breaks or gets hacked or HOPEFULLY SOON with NIS2 someone senior ends up in court
Is it in poor taste if I simply say...
WASTED