Rockstar got breached this year — and not through its own front door. In April 2026, the extortion group ShinyHunters reached Rockstar's data through a third-party vendor. No game code, no GTA 6 secrets, but a useful reminder of how big a target the studio is right now.
What happened
The attackers didn't break into Rockstar directly. They compromised Anodot, a third-party cloud analytics and cost-monitoring vendor that had authenticated access to Rockstar's Snowflake data warehouse. Around April 4, Anodot reported connector outages; that disruption lined up with the attackers extracting authentication tokens. Using those tokens, ShinyHunters walked into Rockstar's Snowflake environment looking like a legitimate internal connection and pulled internal data.
ShinyHunters posted an extortion demand on its leak site, set an April 14 deadline, and — after Rockstar declined to pay — published the data. The group claimed more than 78 million records.
What was and wasn't taken
This is the part to get right. The data is described as internal analytics and metrics — service monitoring and business-intelligence output tied to GTA Online and Red Dead Online — not game source code and not player account credentials. Rockstar confirmed the incident in a statement, calling it a limited amount of non-material company information accessed through a third-party breach, with no impact on its players.
Why it matters
Two reasons. First, it's part of a wider supply-chain campaign: the same group used the same SaaS-vendor-to-data-warehouse method against companies including Ticketmaster, AT&T, and others. Second, it shows the pressure on Rockstar in the run-up to the biggest launch in gaming — and it echoes the 2022 breach that leaked early GTA 6 footage. Vendors you've half-forgotten with stored credentials are the soft entry point, for Rockstar and everyone else.