Rockstar confirms data breach as hackers threaten game developer to “pay or leak”
Game developer Rockstar Games has suffered a data breach. ShinyHunters, the extortion group responsible for the data theft, is threatening to publish the stolen data if the company doesn’t pay the ransom.
-
The gaming giant confirmed that hackers accessed a "limited amount of non-material company information."
-
The notorious extortion group is threatening to leak stolen data unless Rockstar pays up, warning the company to "pay or leak" by their April 14th deadline.
-
The breach didn't target Rockstar directly. Hackers compromised Anodot, an AI analytics company, then used stolen authentication tokens to access Snowflake cloud storage where Rockstar's data was stored.
A spokesperson for Rockstar Games has confirmed that a threat actor exfiltrated a small amount of non-sensitive company information.
“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players,” the game developer said in a statement to gaming website IGN.
The spokesperson wouldn’t say what kind of data was compromised, who was responsible for the attack, or if any ransom demands were made.
Check if your data has been leaked
What we do know is that ShinyHunters, a well-known ransomware extortion group, has claimed responsibility for the data breach.
On its leak site on the dark web, ShinyHunters is calling on Rockstar Games to reach out by April 14th.
“Make the right decision. Don’t be the next headline. Final warning: pay or leak,” the ransomware gang warns.
The conversation on this topic is live. Join in the discussion.
The extortion group, infamous for recent data breaches at Odido and the European Commission, claims to have stolen an unknown quantity of “metrics data” after hacking Anodot, an AI-based analytics company that provides real-time anomaly detection for business and operational data.
The hack gave the attackers access to authentication tokens that could be used to gain entry to the cloud storage company Snowflake, which, among other things, gave them access to Rockstar’s corporate data.
Snowflake has confirmed that “unusual activity” was recently detected and that a small number of its clients were impacted. Cybernews has reached out to Rockstar Games for comment.
“We immediately launched an investigation and, out of an abundance of caution, locked down potentially impacted customer accounts. We also notified potentially impacted customers and provided precautionary guidance to help them further protect their accounts,” the company told BleepingComputer.
Snowflake emphasized that the data breach wasn’t caused by a zero-day vulnerability and that its corporate systems weren’t compromised. Instead, the attackers gained access to Rockstar’s data through Anodot.
Unlock more exclusive Cybernews content on YouTube.
