Rockstar Games receives “pay or leak” warning after cyberattack

Rockstar Games, the developer behind titles such as Grand Theft Auto and Red Dead Redemption, has confirmed a cyberattack claimed by hacking group ShinyHunters, which says it accessed the company’s Snowflake environment and obtained data.

The attackers exploited Anodot, a third-party SaaS platform used for cloud cost monitoring and analytics, as the entry point and are reported to have extracted authentication tokens, enabling access to a connected Snowflake account without exploiting vulnerabilities in Snowflake itself.

The group posted a message on its dark web leak site on April 11 stating: “Rockstar Games! Your Snowflake instances were compromised thanks to Anodot.com. Pay or leak.” The message set a payment deadline of April 14.

Anodot said on April 4 that its connectors were down across regions, including Snowflake, Amazon S3, and Amazon Kinesis. A later update stated: “Alerts are functional again. Data Collectors are still offline.”

Rockstar said in a statement to Kotaku: “We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”

The company did not disclose what type of data was compromised, who was behind the attack, or whether a ransom demand was made. ShinyHunters has also not said how much data it may have obtained or what it contains.

Other recent confirmed attacks by ShinyHunters include the European Commission, Aura, and Salesforce.