Rockstar confirms third-party breach after hackers claim leak of 78.6 million records
Rockstar Games has confirmed a third-party data breach after the hacking group ShinyHunters claimed it accessed the company’s Snowflake data through analytics vendor Anodot. Rockstar said “a limited amount of non-material company information” was accessed and added that the incident has “no impact on our organization or our players.”
The bigger claim, however, comes from the attackers, not from Rockstar. Reuters reported that a ShinyHunters representative said the group had 78.6 million records from Rockstar’s Snowflake account and that the access came through Anodot, an AI-powered analytics platform. Rockstar has not publicly confirmed that record count, so it should be treated as an attacker claim rather than an independently verified total.
That distinction matters. There is clear confirmation of a breach tied to a third party, but the exact scope of the leaked data remains less certain in public reporting. Several outlets reported that the exposed material appears to involve internal analytics or business data rather than player passwords, payment details, or GTA 6 development assets.
What Rockstar confirmed
Rockstar’s public line has stayed narrow and consistent. Multiple reports quote the company as saying only a limited amount of non-material company information was accessed, and that neither the business nor players were affected. That suggests Rockstar is trying to draw a firm boundary between internal business data and player-facing systems.
The attack also does not appear to involve a direct compromise of Rockstar’s own core infrastructure. Reporting from The Verge, Reuters, and others says the intrusion was tied to a third-party provider and access into Rockstar’s Snowflake environment through Anodot. Public reports also say Snowflake itself was not exploited through a product vulnerability.
That puts this incident squarely in the supply-chain risk category. Even companies with strong internal controls can face exposure when outside analytics, monitoring, or integration platforms hold trusted access into sensitive cloud environments. This is an inference based on the reported Anodot-to-Snowflake access path.
What hackers claim they stole
The most eye-catching number in this story is the 78.6 million record claim. Reuters reported that a ShinyHunters representative said the group held 78.6 million records from Rockstar’s Snowflake account. Some follow-up reports described the material as analytics data connected to GTA Online and Red Dead Online, including revenue and engagement metrics, but Rockstar has not publicly validated those specifics.
That means the safest framing is this: Rockstar confirmed a limited third-party breach, while the attackers claim they stole a much larger data set and later published it online. Public reporting supports the existence of the extortion attempt and the leak claim, but not every detail in the leaked archive has been independently confirmed by Rockstar.
Several reports also say no player passwords, payment data, or GTA 6 source assets were part of the exposed material. Since Rockstar has not published a full technical breakdown, those points remain based on reporting and should be described carefully.
Why this breach matters beyond Rockstar
This incident highlights a familiar problem in modern cloud security. Attackers no longer need to break into a company head-on if they can abuse a connected vendor that already holds trusted access. In this case, the reported path through Anodot into Snowflake fits the same broader pattern seen in other recent third-party and cloud-integration incidents.
For a company like Rockstar, internal analytics still matter even if player systems remain untouched. Revenue data, platform performance, regional trends, release planning signals, and partner-facing business information can all carry strategic value. That makes even “non-material” internal data worth watching closely when attackers use it for extortion or publicity. This is an inference based on the nature of the reportedly exposed analytics data.
The timing also adds pressure. Rockstar is approaching one of the biggest game launches in years, so any security incident connected to GTA or internal data can generate outsized attention, even if the direct user impact stays low.
Breach snapshot
| Item | What is confirmed or reported |
|---|---|
| Company | Rockstar Games |
| Threat actor claim | ShinyHunters |
| Confirmed by Rockstar | Third-party breach, limited non-material company info accessed |
| Reported access path | Via Anodot into Rockstar Snowflake environment |
| Attacker claim | 78.6 million records |
| Player impact | Rockstar says no impact on players |
| Scope caveat | Full leaked data set not publicly verified by Rockstar |
What security teams should take from this
- Audit third-party SaaS integrations that connect into cloud data environments.
- Review token handling and service-to-service trust paths across analytics platforms.
- Monitor Snowflake and similar platforms for unusual query behavior from connected vendors.
- Reduce third-party permissions to the minimum needed for the business task.
- Rotate credentials and tokens regularly for external integrations.
These steps follow directly from the reported third-party access route in the Rockstar incident.
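One way to act on the monitoring item above, shown as an added example that is not from Rockstar, Snowflake, Anodot, or the original article: baseline each vendor integration account from its query history, then flag new source IPs, newly touched tables, and row-volume spikes. The record fields, account name, table names, and threshold are assumptions constructed for illustration, not a real Snowflake schema.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records (one per query by an integration account).
# Field names are assumptions for this example, not a real Snowflake schema.
BASELINE = [
    {"day": "2024-05-01", "user": "SVC_VENDOR", "ip": "198.51.100.10", "table": "METRICS.DAILY_KPI", "rows": 12000},
    {"day": "2024-05-02", "user": "SVC_VENDOR", "ip": "198.51.100.10", "table": "METRICS.DAILY_KPI", "rows": 11000},
    {"day": "2024-05-03", "user": "SVC_VENDOR", "ip": "198.51.100.10", "table": "METRICS.DAILY_KPI", "rows": 13000},
]
TODAY = [
    {"day": "2024-05-04", "user": "SVC_VENDOR", "ip": "198.51.100.10", "table": "METRICS.DAILY_KPI", "rows": 12500},
    {"day": "2024-05-04", "user": "SVC_VENDOR", "ip": "203.0.113.77", "table": "FINANCE.REVENUE_BY_REGION", "rows": 900000},
]

def build_baseline(records):
    """Per account: median rows returned per day, known source IPs, known tables."""
    daily = defaultdict(lambda: defaultdict(int))
    ips, tables = defaultdict(set), defaultdict(set)
    for r in records:
        daily[r["user"]][r["day"]] += r["rows"]
        ips[r["user"]].add(r["ip"])
        tables[r["user"]].add(r["table"])
    return {u: {"median_rows": median(daily[u].values()), "ips": ips[u], "tables": tables[u]}
            for u in daily}

def find_anomalies(baseline, records, volume_factor=5):
    """Return (account, finding, detail) tuples for one day of activity."""
    findings, totals = set(), defaultdict(int)
    for r in records:
        profile = baseline.get(r["user"])
        if profile is None:  # an account with no history is itself worth a look
            findings.add((r["user"], "unknown_account", r["ip"]))
            continue
        totals[r["user"]] += r["rows"]
        if r["ip"] not in profile["ips"]:
            findings.add((r["user"], "new_source_ip", r["ip"]))
        if r["table"] not in profile["tables"]:
            findings.add((r["user"], "new_table", r["table"]))
    for user, total in totals.items():
        # volume_factor is an assumed starting threshold; tune it per integration
        if total > volume_factor * baseline[user]["median_rows"]:
            findings.add((user, "volume_spike", total))
    return sorted(findings, key=str)

if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE), TODAY):
        print(finding)
```

The "new_table" finding doubles as a least-privilege check: any table a vendor account can read but has never needed is a candidate for revoking access.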
FAQ
Yes. Rockstar confirmed that a limited amount of non-material company information was accessed in connection with a third-party data breach.
No public Rockstar statement in the reporting I reviewed confirms that number. Reuters attributed the 78.6 million figure to a ShinyHunters representative.
Rockstar said the incident has no impact on players, and multiple reports say the exposed material appears to involve internal company data rather than player credentials or payment data.
Public reporting says the access came through a third-party integration and not through a Snowflake software vulnerability.