Rockstar Games data leaked: What's inside the GTA makers' data dump?

The Rockstar Games data leak is escalating, with threat actors leaking internal data just months before the biggest game launch of the decade. Our team investigated what data attackers shared on the dark web.

Rockstar Games, the studio behind the blockbuster Grand Theft Auto franchise, has been targeted by a cyberattack. Serial attackers ShinyHunters say they accessed Rockstar Games data through a compromised third-party server and have issued an ultimatum, with negotiations to begin by April 14th.

“Rockstar Games. Your data was compromised. Pay or leak,” the gang posted on its dark net site.

“Make the right decision, don’t be the next headline.”

Posting ransom demands is a common tactic used by ransomware and extortion gangs to muscle victims into paying. However, if negotiations fall apart, threat actors commonly leak the entire dataset.

Claims about the Rockstar Games breach have been circulating in the media, but as the deadline approached, ShinyHunters dropped 7.5GB of Rockstar Games’ data sample on its dark web leak site.

What Rockstar Games data was leaked?

Meanwhile, Cybernews researchers have investigated the leaked Rockstar Games dataset. According to our researchers, this information is likely tied to internal key performance indicators (KPIs), offering insight into how Rockstar measures engagement and monetization across its games over a period of eight years.

“This info would be especially valuable to competitors, because it would identify what kind of metrics work best, and whether there are any weak points in Rockstar's current approach,” our researchers explained.

One part of the exposed data includes approximately 2.4 million customer support tickets spanning a period of eight years, from 2018 to the present. While these records do not contain identifiable user or employee information, they still reference specific games, reported issues, and timestamps.

Another set of files appears to track performance metrics tied to in-game activity and revenue. The data is broken down by region and platform used, such as PC, Xbox, and PlayStation.

Leaked files include dates, geographic segments, and numerical values that may reflect earnings or transaction volumes.

The bulk of the dataset consists of aggregated statistics rather than personal data. Files track metrics such as new player counts, active accounts, mod installations, and average server earnings over time.

“No impact” on GTA players

Reportedly, Rockstar has previously downplayed the incident, stating that only a “limited amount of non-material company information” was accessed and that there is no impact on players or operations.

The company did not disclose what type of data may have been compromised, but emphasized that user data and gameplay systems were not affected.

“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach,” the company said to the BBC.

“This incident has no impact on our organization or our players.”

Attackers themselves claim that the data was obtained via Rock Stars’ Salesforce account. ShinyHunters breached numerous companies after gaining access to Salesforce systems via phishing attacks.

High stakes for GTA VI

The timing of the data breach is significant. Rockstar is currently developing Grand Theft Auto VI, one of the most anticipated and expensive video games ever made.

Industry estimates suggest development costs could approach $2 billion, with the title now expected to launch in November 2026 after delays.

The Grand Theft Auto franchise remains one of the most commercially successful in gaming history. Its predecessor, Grand Theft Auto V, has generated more than $8 billion in revenue since its 2013 release.

Not the first data breach to affect Rockstar

This is not the first time hackers have targeted Rockstar. In 2022, a major breach led to the release of 90 minutes of early GTA VI gameplay footage after attackers gained access to internal systems.

Reportedly, Rockstar claimed the incident cost the company $5 million and thousands of staff hours in recovery efforts. Arion Kurtaj, linked to the Lapsus$ cyber gang, was later arrested and sentenced to an indefinite hospital order in 2023.

Broader threats via third-party providers

Security experts say the implications of the current incident may have broader implications.

According to David Sancho, a Senior Threat Researcher at Trend Micro, even if no personal player data was involved in the breach, leaked internal company information can carry a significant commercial impact.

“Even if the company states there is 'no impact,' repeated incidents can erode confidence among partners and stakeholders, especially this close to a major release in GTA 6,” Sancho said.

More broadly, the incident reflects a growing structural challenge across large organizations posed by third-party integrations.

“We need to be clear – this is not a Rockstar-specific problem. It’s a structural issue. Many large organizations have massively expanded their attack surfaces in recent years through SaaS integrations, APIs, and third-party data pipelines,” Sancho added.

Who are ShinyHunters?

The extortion group is known for many high-profile attacks. The gang is behind the recent data breaches at telecommunications giant Odido and the European Commission. ShinyHunters recently exploited compromised Okta access to breach Hims & Hers support systems, exposing customer data as part of a broader attack chain.

The gang is also behind the attack on Cisco Systems, Hallmark, US investment advisory firms Mercer Advisors and Beacon Pointe Advisors.In February, the gang leaked the personal records of 12.4 million CarGurus account holders, following what appears to be a failed ransom attempt.

---

Unlock more exclusive Cybernews content on YouTube.