ShinyHunters Leak Rockstar Games Data, No Player Records Impacted
ShinyHunters leak 7.54 GB of Rockstar Games data from Snowflake; no player records exposed.
Summary
ShinyHunters hackers leaked 7.54 GB of data stolen from Rockstar Games through a compromised Snowflake analytics account connected to Anodot. The leaked files consist of internal analytics, KPI reports, and revenue data with no player credentials, account information, or personal data exposed. The incident highlights the growing trend of threat actors targeting third-party analytics integrations to access operational intelligence without breaching core systems.
Full text
Data Breaches Leaks SecurityShinyHunters Leak Rockstar Games Data, No Player Records Impacted ShinyHunters hackers leak 7.54 GB of Rockstar Games data from Snowflake analytics systems, confirming no player records or personal information were exposed. byWaqasApril 15, 20262 minute read Last week, as exclusively reported by Hackread.com, when ShinyHunters first claimed it had accessed Rockstar Games data through Anodot by compromising a connected Snowflake account, the details were uncertain. Now the group has released the entire stolen data, giving us a clear picture of what was actually exposed and what was not. The leaked files, 25 in total and about 7.54 GB in size, consist primarily of internal analytics and reporting data, with no customer or personal information present. Filenames reference metrics linked to GTA Online and Red Dead Online, including booking figures, virtual currency redemptions, and regional performance tracking. Entries such as daily KPI reports and revenue breakdowns point to business intelligence systems rather than game infrastructure or user databases. Looking at the structure of the data, it does appear to come from automated exports generated by analytics pipelines. The files are compressed CSV outputs, commonly used for batch reporting in cloud data platforms like Snowflake. This supports earlier reporting that the access point was not Rockstar’s core network but a third-party analytics integration, believed to involve Anodot. Some of the files also reference internal monitoring and testing. For example, dataset names linked to cheat detection models and platform-level revenue mismatches suggest the data includes operational insights used by Rockstar teams to manage gameplay balance and detect abuse. There are also references to Zendesk ticket metrics and customer support reporting, indicating visibility into service operations rather than individual player accounts. Screenshot from the leaked data (Image credit: Hackread.com) What is not present in the leaked material is just as important. There are no player credentials, account data, or unreleased game assets such as GTA VI content. That aligns with Rockstar’s earlier statement that the breach involved limited company information and did not impact players. However, the incident is still important from a business perspective. Internal analytics data can reveal how in-game economies are managed, how revenue flows, and how support systems respond to issues. For attackers, this type of information can be valuable even without direct access to users. Nevertheless, targeting Anodot, a third-party platform that aggregates and analyzes data from multiple sources, to steal data from a larger firm is now the typical modus operandi of the ShinyHunters group. It shows threat actors can now access a wide view of operations without breaching the main environment. The good news is that Rockstar Games customers and players were not affected, as the leaked dataset contains no personal or user data. The company appears to have excluded customer information before sharing data with Anodot. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts Cyber AttackCybersecuritydata breachgamingRockstar GamesShinyHunters Leave a Reply Cancel reply View Comments (0) Related Posts Security Cyber Crime Malware Crash Override – The 2nd industrial malware to target Ukraine’s power supply ESET, the Slovakian anti-virus software firm and Dragos, the US-based infrastructure security company recently discovered an industrial malware… byJahanzaib Hassan Malware Security ATMJackpot Malware Stealing Cash From ATMs This new ATMJackpot malware originates from Hong Kong. A new ATM malware has been identified by security researchers… byWaqas Security Cyber Attacks Malware Spain’s biggest two go down in massive ransomware attacks Earlier this week, two of Spain's largest companies were compromised by ransomware including countries biggest Cadana SER radio station. bySudais Asif Cyber Attacks Hacking News Security Latest Hack May Open Doors For Hackers To Spy on US Government Juniper network has had a major breach which has led to suspicions of a group of foreign hackers… byWaqas
Indicators of Compromise
- malware — Anodot compromise