ShinyHunters, a leading hacking group linked to several high-profile cyberattacks, claimed it accessed tens of millions of business records from Rockstar Games, the studio behind blockbuster franchises like Grand Theft Auto.
ShinyHunters Claims Massive Data Extraction
ShinyHunters said it obtained approximately 78.6 million records tied to Rockstar’s systems. The claim surfaced on a platform commonly used by the group and was later tracked by cyber intelligence firm eCrime.ch, according to external reports.
ShinyHunters told Reuters the compromised data originated from Rockstar’s account with Snowflake, a major cloud-based data management provider. However, the attackers clarified that the breach did not stem from Snowflake’s infrastructure itself.
Third-Party Vendor Anodot Identified as Entry Point
Instead, the attackers pointed to a breach involving Anodot, an AI-driven analytics company, as the primary entry point. According to the group, compromised Anodot-linked credentials or integrations enabled unauthorized access to Rockstar’s Snowflake environment.
Snowflake confirmed in statements to media outlets that the incident was not due to a vulnerability in its platform. The company said it proactively disabled user accounts associated with Anodot after detecting suspicious activity, highlighting a rapid containment response.
Rockstar and Take-Two Response
Take-Two Interactive, the parent company of Rockstar Games, has not issued a detailed public statement. However, Rockstar acknowledged that a “limited amount of non-material company information” was accessed through a third-party breach.
The company emphasized that the incident has had no impact on its operations or player data, attempting to reassure its vast global user base.
Potential Data Exposure: Game Analytics and Player Insights
Cybersecurity news outlet Bleeping Computer reported that the stolen dataset may include internal analytics such as in-game revenue figures, purchase behavior, and player engagement metrics from titles like Grand Theft Auto Online and Red Dead Online. These insights are critical for live-service game optimization and monetization strategies.
However, the full scope and authenticity of the leaked data have not been independently verified.
Wider Snowflake Ecosystem Targeted in 2024 Attacks
The incident appears to be part of a broader wave of attacks targeting Snowflake customers. Reports indicate that more than 160 organizations were affected during 2024 in coordinated data theft and extortion campaigns.
High-profile victims allegedly included Ticketmaster, Santander Group, and Advance Auto Parts. These breaches have drawn attention to the risks associated with interconnected SaaS platforms and third-party integrations.
Rising Risk from Supply Chain Cyberattacks
This incident underscores a growing trend in cybersecurity – attackers increasingly exploit weaknesses in third-party vendors rather than targeting primary systems directly. As enterprises rely on interconnected cloud platforms and AI-driven analytics tools, the attack surface expands significantly.
Security experts warn that even if core infrastructure providers like Snowflake remain secure, vulnerabilities in partner ecosystems can still lead to large-scale data exposure. Strengthening identity management, monitoring third-party access, and enforcing stricter integration controls are becoming critical priorities for enterprises worldwide.
RAJANI BABURAJAN
