The developer of smash-hit games such as Grand Theft Auto V and Red Dead Redemption II has confirmed it was the victim of a cyber attack after notorious hacking group ShinyHunters posted a ransom demand on its darknet leak site.
The hackers listed Rockstar Games as a victim in an 11 April update, alongside several other high-profile companies, including Hallmark Cards, the National Railroad Passenger Corporation, and McGraw Hill.
“Your Snowflake instances metrics data was compromised thanks to Anodot.com. Pay or leak,” ShinyHunters said.
“This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”
Cloud data platform Snowflake had confirmed it had been compromised on 7 April, according to an article by Bleeping Computer.
“We recently detected unusual activity within a small number of Snowflake customer accounts linked to a specific third-party integration,” Snowflake told the publication.
“We immediately launched an investigation and, out of an abundance of caution, locked down potentially impacted customer accounts. We also notified potentially impacted customers and provided precautionary guidance to help them further protect their accounts.”
Snowflake later confirmed that the “third party” was analytics firm Anodot. As of 11 April, some of Anodot’s infrastructure remained offline, and it appears ShinyHunters was able to steal authentication tokens from Anodot in order to make its attacks on Snowflake customers.
Rockstar has said it is aware of the threat actor’s claims, but has downplayed the severity of the attack.
“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach,” the company said in a widely reported statement.
“This incident has no impact on our organisation or our players.”
Who is ShinyHunters?
ShinyHunters is a prolific hacking group responsible for a raft of third-party compromises, most commonly linked to several campaigns targeting Salesforce instances.
It was previously linked to a hacking group called Scattered Lapsus$ Hunters, which formed in August 2025 and was responsible for several Salesforce compromises. ShinyHunters itself dates back to 2019.
The group is known for its technical and social engineering skills.
Previous victims include Qantas, Jaguar Land Rover, PornHub, and SoundCloud.
Want to see more stories from trusted news sources?Make Cyber Daily a preferred news source on Google.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.