Rockstar Games has confirmed that it suffered a data breach incident that exposed internal analytics data.
Earlier today, the ShinyHunters threat group leaked the data online, claiming access to Snowflake-hosted datasets tied to the company’s online services.
The incident first surfaced when ShinyHunters disclosed the breach without releasing the data, threatening to do so unless Rockstar reached an agreement, typically involving a ransom payment. In a statement shared with Kotaku, the company acknowledged the incident, stating: “We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.” Earlier today, the threat actor escalated the situation by publishing the dataset.
According to information the threat actor has shared with CyberInsider, the compromised data originates from Rockstar’s Snowflake instances and represents a “multi-domain analytics dataset” used for GTA Online and Red Dead Online. The dataset allegedly aggregates several categories of operational data, including revenue metrics, player behavior tracking, in-game economy balancing, fraud detection systems, and customer support insights. The leaked archive contains over 78 million records, though the threat actor has not estimated how many accounts have been impacted.
ShinyHunters, a well-known hacking collective with a history of targeting cloud-based data warehouses and SaaS platforms, appears to have obtained the data through a broader compromise involving Snowflake environments. Attackers reportedly stole authentication tokens during a security incident at Anodot, an analytics platform that integrates with Snowflake, and used them to access customer data environments.
Rockstar Games, a subsidiary of Take-Two Interactive, is one of the largest video game developers globally, responsible for major franchises such as Grand Theft Auto and Red Dead Redemption. Its online platforms, particularly GTA Online, generate substantial recurring revenue and rely heavily on analytics systems to monitor player engagement, in-game economies, and fraud prevention. Although the company maintains that the breached data is “non-material,” the exposure of such analytics could still provide insights into internal operations and monetization strategies.
At this stage, there is no indication that player credentials, passwords, or personally identifiable information were included in the leaked dataset. However, the inclusion of customer support and fraud detection data raises questions about whether any indirect user-related information could be inferred from the dataset.
Leave a Reply