GTA 6 Leak Might Be Incoming as ShinyHunters Hacker Group Addresses Rockstar Games With Redemption

The hacking group ShinyHunters has posted Rockstar Games on its dark web leak site, claiming access to the studio's cloud data through a compromised third-party analytics tool. The group set April 14 as the ransom deadline. Pay, or the data goes public.

According to The CyberSec Guru, a cybersecurity researcher tracking the incident, ShinyHunters posted the ultimatum directly on its leak site, targeting the Grand Theft Auto creator with a demand for payment. The attackers say they did not breach Rockstar or its Snowflake data warehouse directly. They went through Anodot, a SaaS platform Rockstar uses for cloud-cost monitoring and spending anomaly detection. From Anodot's systems, ShinyHunters pulled authentication tokens — digital credentials that allow one service to communicate with another without manual password entry. Because Rockstar's Snowflake instance trusted those tokens, the attackers accessed the environment as though they were a legitimate internal process.

Snowflake itself does not appear to have been compromised. The platform authenticated valid credentials, which is exactly what it was built to do. The failure occurred at the integration layer: Anodot held broad read permissions on Rockstar's Snowflake warehouse, and once Anodot was compromised, those permissions transferred to the attackers. ShinyHunters reportedly ran database exports over a period before anything was flagged. Because the access pattern mimicked normal monitoring activity, Rockstar's security team had no obvious reason to intervene.

Image: Anodot Status Page via The CyberSec Guru

According to The CyberSec Guru, the breach is believed to involve corporate data rather than leaked game code. The reported exposure includes Rockstar's marketing plans for GTA 6, but not the game's source code. The full scope of what was accessed remains unclear. At the time of writing, Rockstar Games and parent company Take-Two Interactive have not commented. That silence is consistent with how both companies have handled previous incidents.

Rockstar is not the only target in this wave. ShinyHunters recently claimed data from over 400 companies linked to Salesforce integrations. Named victims include Cisco, Canadian telecom Telus, and Dutch provider Odido. Forum posts from the group hint at European Commission data as well. The common thread across all of these is third-party access — one compromised tool creating downstream exposure across dozens or hundreds of organizations.

ShinyHunters has operated since roughly 2020. The group targets APIs, identity systems, and integration layers rather than individual users. Past claimed breaches include 500 gigabytes of Microsoft source code in 2020, 270 million Wattpad user records, and data from AT&T and Ticketmaster. The group is also linked to the Snowflake-related credential theft wave that hit multiple companies throughout 2025. They understand how to generate press coverage and use public pressure as leverage against targets.

Rockstar has been here before. In 2022, a teenager leaked early GTA VI footage after compromising the studio's Slack channels. That breach was opportunistic. This one is more methodical, routed through enterprise software supply chains rather than a single employee's account.

GTA VI is the most anticipated game release in years, and that anticipation makes Rockstar's internal data unusually valuable. If ShinyHunters accessed Snowflake instances tied to Rockstar's operations, the potential exposure extends to financial records from GTA Online and Red Dead Online, player spending and geographic analytics, marketing timelines, and contractual agreements with Sony, Microsoft, voice actors, and music licensors. The ransom deadline falls on April 14, and if player data surfaces before then, Rockstar faces GDPR and CCPA disclosure requirements, possible FTC scrutiny, and class action risk — all while preparing for a major launch.

There is no evidence so far that individual player passwords or payment card details were accessed. The breach appears corporate in scope. Still, enabling two-factor authentication on Rockstar Social Club accounts is a reasonable precaution.

I find it difficult to dismiss this claim outright, given how many companies have already confirmed damage from ShinyHunters operations across the Snowflake and Salesforce integration waves. We can recall Rockstar's recent hiring activity, specifically the push for QA testing staff, and if the company continues its silence, tracking similar operational signals — like surges in tester recruitment or internal restructuring — could offer indirect evidence of whether the stolen data is real and how much of it the studio considers sensitive. Since the reported exposure involves corporate records and marketing plans rather than source code, I suspect the data could also contain details about how Rockstar's game engine has actually changed — the engine the studio reportedly rebuilt from the ground up for GTA 6, and one of the most closely guarded technical assets in the industry.

The entry point for this breach was not a weak password or a misconfigured firewall. It was an authentication token stored inside a third-party analytics platform that Rockstar granted broad access to its data warehouse. Token rotation, least-privilege access policies, egress monitoring, and multi-factor authentication on service accounts are the standard recommendations. Most companies still do not enforce all four. The companies appearing on ShinyHunters' leak site this month are learning the cost of that gap.

This report is based on claims by threat actors and ongoing investigations. Rockstar Games has not confirmed the scope of any breach.

Read also, former Rockstar Games developer Rob Carr, who worked as a sound designer on the original Red Dead Redemption and Grand Theft Auto V, recently appeared on the Kiwi Talkz podcast and discussed Rockstar's "unlimited" approach to development — the philosophy behind building every game element at the highest possible level. With GTA VI's budget reportedly approaching $3 billion, Carr's comments suggest the studio's ambitions for scale and detail may surpass anything it has done before.