Hackers Breach Rockstar Games and Demand a Ransom

Yesterday, April 11, the hacker group ShinyHunters announced that it had breached Rockstar Games, explaining how the attack was carried out, what was stolen, and demanding a ransom. R* has already issued an official statement.

The Breach

The attack became possible through the AI platform Anodot, which specializes in analyzing company spending to detect anomalies. This is done to help prevent unauthorized or misdirected expenses. The platform generates tokens (digital access keys) used to connect to a company’s database — in this case, Snowflake, which operates through the cloud.

After obtaining Anodot tokens, the attackers accessed Snowflake as if it were a routine internal procedure and extracted everything they were able to reach. The security system failed to detect any protocol violations or suspicious activity.

What Was Stolen?

A significant amount of confidential information may have fallen into the hackers’ hands:

• how much players spend on microtransactions in GTA Online and Red Dead Online, and how this spending is distributed geographically;
• schedules and timelines for marketing campaigns;
• contract details involving Sony, Microsoft, actors, and music labels.

The last two points could easily be related to GTA 6 and the future Online. If all of this becomes publicly available, we may be facing an enormous number of spoilers and a ruined sense of surprise for upcoming content.

As for regular users, nothing has been said about their accounts. It is likely that personal data was not compromised. However, it is still highly recommended to keep two-factor authentication enabled.

What Do the Hackers Want?

The cybercriminals are demanding a ransom from Rockstar Games. The exact amount has not been disclosed. They have reportedly given the company until Tuesday, April 14. They are threatening to leak all of the information listed above onto the Dark Web if their demands are not met. From there, it would almost certainly spread to the wider public very quickly.

If this is indeed true, the company could suffer an extremely serious blow to both its reputation and finances. This may also affect the release of Grand Theft Auto VI, currently scheduled for this fall.

Rockstar Response

However, the company is unlikely to give in to blackmail (which would be a very poor decision). This conclusion can be drawn from the official statement by a company representative:

We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.

It seems that Rockstars are confident that nothing serious has happened — or at least wants to project that image. The only thing that can be said with certainty is that those responsible will likely face legal pursuit.

Who Are ShinyHunters?

The hacker group known as ShinyHunters was formed in 2019, and since then more than 400 companies have reportedly become its victims, including Microsoft (with 500 GB of stolen data in 2020), Ticketmaster, and many others. Following each successful breach, the group engages in extortion by threatening to leak the stolen information. Despite several arrests, the group remains active.