Rockstar Games, the developer behind the Grand Theft Auto franchise, has confirmed a security breach involving a third-party service provider. The company stated that a "limited amount of non-material company information" was accessed during the incident, emphasizing that the breach has had no impact on its organization or players.
The breach came to light after the hacker collective ShinyHunters targeted the gaming studio on its leak site. The group claimed to have compromised Snowflake metrics data belonging to the developer, threatening to release the information unless a ransom was paid by April 14, 2026. According to Dexerto, the group informed the BBC on April 13 that their demands had not been met and that they intend to publish the stolen data online.
Third-party access points
While Rockstar did not disclose the specific vendor involved, reports suggest the breach occurred through Anodot, a cloud cost-monitoring tool integrated with Rockstar’s internal data environment. The attackers allegedly bypassed security by utilizing stolen authentication tokens, allowing them to impersonate legitimate internal services. Dexerto reported that the breach is believed to involve corporate data, including marketing plans for GTA 6, a detail previously unconfirmed in initial reports.
This method of entry highlights a growing trend among cyber-criminal groups. Rather than attempting to break through hardened network perimeters, attackers are increasingly targeting software-as-a-service (SaaS) integrations and API credentials to gain access to cloud environments.
ShinyHunters has previously been linked to a series of high-profile data heists targeting companies such as Cisco and Telus. The group’s strategy typically involves harvesting credentials from third-party platforms to pivot into the internal systems of larger corporate entities. This incident marks another security challenge for the studio, following a 2022 leak where early development footage of Grand Theft Auto VI was published online by unauthorized actors.
