Rockstar Games gets a taste of grand theft data amid ShinyHunters threat of 'Pay or leak'

The claim

It has been reported that the extortion group ShinyHunters pinned Rockstar Games to its leak site and posted a blunt ultimatum: "Pay or leak." The Register says the crew claimed Rockstar's Snowflake metrics were compromised via Anodot.com, and warned the company to make contact by 14 Apr 2026 or face a public dump and "several annoying (digital) problems." Short. Loud. Threatening.

Rockstar's response

Rockstar has not answered detailed questions, but it has been reported that the company told Kotaku a "limited amount of non-material company information" was accessed through a third party and that there is no impact on players or operations. The studio declined to specify what data was taken, whether a ransom demand was issued, or who exactly was behind the intrusion.

How it allegedly happened

According to the claim, there was no theatrical exploit — just stolen authentication tokens from Anodot, a cloud cost-monitoring service tied to Rockstar's Snowflake data warehouse. Allegedly, those tokens were reused to impersonate an internal service, turning valid credentials into a master key. If true, it’s less Hollywood heist and more someone walking through an open back door while the lights were on.

Why it matters

This fits a pattern. ShinyHunters has reportedly focused on APIs, identity systems, and SaaS integrations rather than brute forcing hardened perimeters — Cisco, Telus and others have been named in that run. Remember the 2022 GTA VI leak? That painful episode, where someone talked their way into Slack, is still fresh in the industry’s memory. So what’s the lesson? SaaS sprawl and token hygiene are now prime targets. Patch the doors — or expect another headline.

Sources: The Register