Is GTA 6 info at risk? Hackers threaten to leak stolen Rockstar Games internal data

Rockstar Games, the powerhouse developer behind the Grand Theft Auto franchise, is facing a high-stakes ultimatum today as a notorious hacking collective vows to publish stolen internal data following the company’s refusal to engage in ransom negotiations.
The group, identifying themselves as ShinyHunters, issued a "final warning" on their dark-web leak site, setting a strict deadline of April 14, 2026. The hackers claim to have breached Rockstar’s systems through a third-party cloud analytics platform, allegedly gaining access to sensitive corporate information and potentially damaging details regarding upcoming projects.
The Vulnerability of Third-Party Access
The security failure originated not from a direct assault on Rockstar’s primary servers, but through the exploitation of Anodot, an AI-driven analytics platform. Rockstar utilised Anodot to oversee performance and expenditures within its Snowflake data warehouse. By harvesting authentication tokens from Anodot’s compromised systems, the attackers were able to enter Rockstar’s Snowflake environment under the guise of legitimate internal traffic, a tactic that initially evaded discovery.
According to reporting by BleepingComputer, this breach is part of a wider offensive impacting more than a dozen Snowflake clients. ShinyHunters claims to have extracted data from "dozens of companies" using credentials obtained through Anodot. Snowflake confirmed that Anodot was the breached third-party partner while maintaining that its own core systems remained secure. Anodot, which was purchased by Glassbox in November 2025, responded to the crisis by taking all regional connectors offline.
Conflicting Accounts of the Theft
Rockstar has sought to minimise the severity of the incident. In a statement provided to Kotaku, the company noted: "We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organisation or our players."
Conversely, ShinyHunters has escalated its rhetoric. On April 11, the group issued a blunt message to the developer: "Rockstar Games! Your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that'll come your way."
The stolen cache is thought to consist of internal analytics, financial documents, and marketing schedules, rather than the personal information or passwords of players.
A History of Extortion
The hackers informed the BBC that because Rockstar has declined to negotiate, the group intends to publish the files, possibly before the deadline expires. The BBC characterised ShinyHunters as "a prolific group of English-speaking cybercriminals, thought to be in their teens, who specialise in data theft and extortion."
This event marks the second major security crisis for Rockstar in recent years, following the 2022 leak of Grand Theft Auto VI development footage. ShinyHunters has been active since 2020 and has previously claimed responsibility for breaches involving AT&T, Microsoft, and Ticketmaster. While Google’s Threat Intelligence Group is reportedly monitoring the Anodot-linked campaign, it has not released specific findings.