sezer66 - stock.adobe.com
‘Grand Theft Auto’ publisher Rockstar hit by hackers again
The notorious ShinyHunters hacking collective menaces video game publisher Rockstar and says it will leak data on 14 April
UK-based Rockstar Games, publisher of the long-running Grand Theft Auto (GTA) series, has fallen victim to another cyber attack orchestrated by the ShinyHunters operation, which is now threatening to release a trove of data on 14 April 2026 after its extortion demands were rebuffed.
According to information obtained from ShinyHunters’ dark web leak site, the gang exploited artificial intelligence (AI) cloud analytics tool Anodot to access Rockstar’s Snowflake data warehouse using stolen authentication tokens, thus appearing to Snowflake and Rockstar as if they were a genuine internal user.
Anodot had experienced a series of issues earlier this month that led to Amazon S3, Kinesis and Snowflake streams being unable to retrieve data samples for a time.
Rockstar told gaming news website Kotaku: “We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organisation or our players.”
ESET global cyber security adviser Jake Moore said: “Third-party cloud providers continue to be a pivotal part of the attack chain and it acutely highlights how low the barrier to high-impact cyber crime has become. Compromising lesser-known suppliers remains one of the weakest links into bigger brands and it can have greater success. Even non-identifiable information caught up in a data breach can still be stitched together for phishing or social engineering, so it is vital that companies are better aware of their suppliers and their security policies.
“Gaming giants will always remain high-value targets not just for stolen data but for kudos amongst criminal peer groups and ultimately leverage. It is therefore vital for businesses to lock down all third-party access and continually treat it as a genuine threat,” said Moore.
Serial victim?
This is the latest in a series of breaches and cyber incidents to have hit Rockstar – most famously, the Lapsus$ gang, a group with connections to ShinyHunters, leaked footage from an early version of GTA 6, which is set for release later this year, back in September 2022. A year later, a trailer for the unpublished video game also leaked on social media platform X (formerly Twitter), forcing the developers to move up their promotional schedule.
The individual behind the 2022 hack, a British man named Arion Kurtaj – who was still a minor at the time – pulled off this breach after inveigling his way into an internal Slack chat at Rockstar.
It later emerged that Kurtaj had been arrested by City of London Police earlier that year in connection with other Lapsus$ cyber attacks. However, while in protective custody at an Oxfordshire Travelodge, he skirted a ban on using the internet imposed as part of his bail conditions by connecting an Amazon Fire Stick to the TV in his hotel room and went on to hack Rockstar and ride-sharing service Uber, among others.
Kurtaj, who is autistic, was ruled responsible for the hacking spree at Southwark Crown Court in 2023. Jurors heard how he had expressed his intention to return to cyber crime, and became violent while in custody. He is currently serving an indefinite sentence at a secure hospital, where he will remain unless doctors deem him no longer to be a danger to the public.
Games growth
The latest misfortune to befall Rockstar Games comes as the UK government sets up a £28.5m funding pot for the British video game sector – which employs tens of thousands of people across the country and has produced hits such as Forza Horizon, No Man’s Sky and Tomb Raider.
The money represents a doubling in funding for the sector under the government’s Creative Industries Sector Plan, and will target newly formed and expanding developers to help them turn ideas into reality.
The Department for Culture, Media and Sport (DCMS) also announced that it will support the London Games Festival – currently running until 19 April – with £1.5m of new funding over the next three years.
Read more about ShinyHunters
- Salesforce warns users of an uptick in malicious activity targeting Experience Cloud customers with misconfigured user settings via an open source tool.
- The ShinyHunters hacking collective that caused chaos in 2025 is ramping up a new voice phishing campaign, with several potential victims already identified.
- Kering, the parent group of fashion houses including Balenciaga and Gucci, becomes the latest organisation to allegedly fall victim to ShinyHunters.
