Rockstar Games Data Breach Linked to Anodot Security Incident

Recently, Rockstar Games fell victim to a data breach that has been connected to a security incident involving Anodot. The ShinyHunters extortion group has now leaked the stolen data on a data leak site, raising concerns about the security of the gaming industry.

The threat actors behind the breach claim that the data was obtained from Snowflake environments using authentication tokens that were stolen during the Anodot security incident. This breach has resulted in the publication of what is said to be Rockstar Games data, comprising over 78.6 million records.

According to a listing on the ShinyHunters extortion site, the threat actors have compromised Snowflake instances metrics data, attributing it to Anodot.com. This incident highlights the vulnerability of online data storage and the importance of robust security measures.

Despite multiple requests for comment from BleepingComputer, Rockstar Games remained silent on the matter. However, in a statement to Kotaku, the company acknowledged the data breach, stating that a limited amount of non-material company information was accessed in connection with a third-party breach.

Rockstar Games assured that the incident has no impact on the organization or its players, providing some reassurance amidst the growing concerns about data security in the gaming industry.

The leaked data reportedly includes internal analytics used for monitoring Rockstar’s online services, support tickets, in-game revenue, purchase metrics, player behavior tracking, and game economy data for popular titles like Grand Theft Auto Online and Red Dead Online. The datasets also contain customer support analytics from the company’s Zendesk support instance.

References to fraud detection systems and anti-cheat model testing were found in a file list shared with BleepingComputer, shedding light on the extent of the breach and the sensitive nature of the stolen data.

This incident is part of a broader data theft campaign tied to the Anodot security incident, which involved the theft of authentication tokens and unauthorized access to customer data stored in connected Snowflake, S3, and Amazon Kinesis instances.

Following the detection of unusual activity affecting a small number of customer accounts, Snowflake took prompt action by locking down the affected accounts and notifying customers. It was later confirmed that the third-party integration company at the center of the incident was Anodot.

The ShinyHunters group, responsible for the attacks, claimed to have targeted dozens of companies using compromised tokens, highlighting the widespread impact of the breach and the urgent need for enhanced cybersecurity measures.

Notably, this is not the first time Rockstar Games has faced a security breach. In 2022, the company was targeted by the Lapsus$ extortion group, resulting in the leak of Grand Theft Auto 6 gameplay videos and source code, underscoring the persistent threats faced by the gaming industry.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now