Rockstar On Latest Potential Hack & Information Leak: Meh, We Don’t Care

from the this-is-the-way dept

Several years ago, Rockstar Games suffered an intrusion into its corporate network. During that intrusion, a trove of data, files, and information about the in-development and unfinished Grand Theft Auto 6 game was exfiltrated. Under monetary threat of that data leaking, Rockstar completely lost its mind and went on a DMCA takedown campaign to try to remove any leaked content or footage that was being teased by the hacker in circulation. Readers here will already know that this kind of DMCA whac-a-mole never works and instead served only to Streisand the whole story into wider consciousness, working directly against Rockstar’s purposes in the first place.

Today, Rockstar is under threat of a similar leak. The company has acknowledged that hacking group ShinyHunters gained access to Rockstar information through a third-party data breach, namely that of Anodot, and has threatened to leak all that data if it isn’t paid by Rockstar.

ShinyHunters claim to have breached Rockstar’s outsourced Snowflake cloud storage system by way of a third-party analytics tool, Anodot, which reportedly suffered its own breach recently. With authentication tokens from Anodot, ShinyHunters would not have needed to crack Snowflake’s security directly⁠. They would have just been recognized as an authorized party and let in through the front door, like Agent 47 in a security guard outfit. ShinyHunters claims to have had access to Rockstar’s database for a significant amount of time before it was realized anything was amiss.

“Your Snowflake instances were compromised thanks to Anodot.com. Pay or leak,” ShinyHunters wrote in a post on their site. “This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”

Unlike the previous hack and threat of a leak, however, Rockstar appears to be taking a completely different tactic. In addition to once again refusing to pay any ransom, which is absolutely the correct course of action, the company has also basically shrugged its shoulders over this entire situation.

Rockstar quickly responded to Kotaku saying that while “a limited amount of non-material company information was accessed,” the incursion would have “no impact on our organization or our players.”

There’s still no clear idea of what data has been taken, but Rockstar is certainly playing it very cool. ShinyHunters, should it go through with plans to publish the information, will likely post it to its dark web pages from which it’ll eventually filter to the wider public.

Now, I want to be careful to not give Rockstar any undue credit here. As discussed below, the type of data that was gained in this particular breach is far more banal than the previous one, which included actual unfinished game footage, and perhaps it’s that which explains this change in stance.

But I would argue that this is mostly the right course even if that weren’t the case. You can’t bottle up the genie once the leak is out there, so you might as well put your PR hat on and engage with the public in a way that puts the company and the product in the best light, while also acknowledging the thirst for more information on the unreleased game.

This is something we’ve advocated for for years now. It’s a simple as putting out a statement roughly like:

Hey, everyone! We know there might be a leak about our company and the upcoming Grand Theft Auto title coming out soon and we know you’re interested in anything you can get your hands on about the game. We are too! We want you to see the game, but we do prefer you see it in its finished state. But if you can’t wait that long, we understand. Please just also understand that we are something of a victim in all of this. It kind of hurts and is frustrating to have our plans for this release get derailed by this kind of criminal activity, but all we ultimately care about is making sure you know just how awesome the next GTA is going to be!

Good will would abound, the hackers wouldn’t get the payout that wished for, and the company could appear awesome, and, more importantly, human. I very much hope that this response from Rockstar thus far is an indication that that’s where the company is headed with all of this.

In this case, ShinyHunters did eventually release the leaked info, and you can see why Rockstar didn’t care:

Looking at the structure of the data, it does appear to come from automated exports generated by analytics pipelines. The files are compressed CSV outputs, commonly used for batch reporting in cloud data platforms like Snowflake. This supports earlier reporting that the access point was not Rockstar’s core network but a third-party analytics integration, believed to involve Anodot.

Some of the files also reference internal monitoring and testing. For example, dataset names linked to cheat detection models and platform-level revenue mismatches suggest the data includes operational insights used by Rockstar teams to manage gameplay balance and detect abuse. There are also references to Zendesk ticket metrics and customer support reporting, indicating visibility into service operations rather than individual player accounts.

What is not present in the leaked material is just as important. There are no player credentials, account data, or unreleased game assets such as GTA VI content. That aligns with Rockstar’s earlier statement that the breach involved limited company information and did not impact players.

So perhaps Rockstar’s reaction is more explained by the lack of any really problematic content in the leak. But, still, it is a reminder that you don’t have to completely freak out over every leak.

Filed Under: breach, grand theft auto, hack, leak, shinyhunters

Companies: rockstar games