Rockstar Games has faced a new security threat following allegations of a data breach, with a ransom deadline set for April 14.
Leakage incidents are not new to the company, as in 2022 it witnessed a prominent incident during which early footage from the development of Grand Theft Auto VI was leaked via a social engineering attack targeting the internal Slack platform. But the current threat, if true, targets enterprise data systems rather than the game development environment.
These allegations are attributed to the ShinyHunters group, which is known for targeting large-scale identity systems and programming interfaces. The group had previously been linked to massive leaks that affected companies such as Ticketmaster, AT&T, and Microsoft.
Unlike the 2022 incident that was attributed to a single individual, the current operation appears to be part of a broader campaign targeting companies that use specific cloud tools to store and monitor data.
According to reports, the attackers did not directly compromise Rockstar’s systems, but rather exploited an automated integration via Anodot’s cloud service cost monitoring platform.
The group claims to have gained access to the company’s Snowflake environment by obtaining authentication tokens, allowing multi-factor authentication to be bypassed using long-term valid service tokens. This type of supply chain vulnerability is one of the most prominent attack methods used by the group recently.
This campaign is not limited to Rockstar, as the group has listed other companies among the attacks, including Amtrak and McGraw Hill, with claims of accessing more than 100 million data records via third-party integrations.
The attackers also set a deadline of April 14 to pay the ransom, threatening to publish the data in the event of no response. So far, Rockstar or its parent company Take-Two Interactive have not issued any official statement regarding the incident.
