ShinyHunters claim the hack of Rockstar Games breach and started leaking data

Leak of 8.1GB data tied to Rockstar Games includes anti-cheat code, game data, analytics and more, reportedly exposed by ShinyHunters.

An 8.1GB data leak reportedly linked to Rockstar Games has surfaced, with files shared by ShinyHunters after being obtained via Anodot. The dataset includes anti-cheat source code, player analytics, game assets, Zendesk support tickets and financial information.

Rockstar Games, one of the major companies in the video game industry, known for popular titles like Grand Theft Auto.

The cybercrime group claims they managed to access Rockstar-related systems hosted through a third-party cloud provider. The group alleges that sensitive internal data was exfiltrated and threatened to publish it.

The group attempted to pressure the company with public posts suggesting that failure to comply would result in both data leaks and further “digital disruption.”

Rockstar Games, however, has publicly minimized the impact of the incident. In its statement, the company indicated that only a limited amount of non-sensitive corporate information was accessed and emphasized that neither its operations nor its player community were affected.

“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach,” a Rockstar Games spokesperson told BBC.

The firm’s response suggests that, at least from its perspective, the breach did not compromise core systems or player-facing services.

Security researchers note that groups like ShinyHunters have increasingly focused on exploiting third-party cloud environments rather than directly attacking corporate infrastructure. This approach allows attackers to bypass stronger internal defenses by targeting external service providers with weaker security postures or misconfigurations.

The incident marks the second major security event involving the company in just a few years, highlighting how high-profile gaming studios remain attractive targets for data theft and extortion schemes.

In a previous incident in 2022–2023, a hacker affiliated with the Lapsus$ collective gained access to internal systems and leaked early development footage of Grand Theft Auto VI. That breach resulted in significant operational disruption and forced the company to adjust its communication strategy around one of its most secretive projects.

The financial and reputational implications of such incidents are substantial. Beyond direct recovery costs, companies often face delays in development, increased security investments, and intensified scrutiny from both regulators and the public. In the case of Rockstar, the stakes are even higher due to the secrecy surrounding upcoming releases and the enormous expectations tied to its flagship titles.

As investigations continue, the Rockstar breach serves as another reminder of the evolving threat landscape facing major digital entertainment companies. In an era where cloud infrastructure, third-party vendors, and remote access systems are deeply integrated into business operations, securing the full supply chain has become as critical as protecting internal networks.

ShinyHunters is a well-known name in the cybercriminal ecosystem. The group is associated with a broader loosely connected network often referred to as “the Com,” made up largely of young, English-speaking individuals. Their operations typically focus on stealing data from large organizations and using leak sites to pressure victims into paying ransoms in cryptocurrency.

ShinyHunters has recently targeted major companies and organizations, leaking data when ransom demands fail. Victims include the European Commission, Odido, Figure, Canada Goose, and SoundCloud. The group primarily uses social engineering, especially voice phishing, to steal credentials and access SaaS platforms like Salesforce, Okta, and Microsoft 365. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Rockstar Games)