Claims have emerged that Rockstar Games has been targeted by the hacking group ShinyHunters, putting the company at risk of a major data breach.

On the 11th, foreign media outlets including The Cyber Security Guru and Insider Gaming reported that "ShinyHunters has added Rockstar Games to its dark web site." The group has set a deadline of the 14th, threatening to release all stolen internal data if their demands are not met.

Rockstar Games and its parent company, Take-Two Interactive, have yet to issue an official statement.

According to reports, ShinyHunters did not directly breach Rockstar Games' core servers. Instead, the hackers targeted AnoDot, a third-party billing management program used by the company. By infiltrating the AnoDot server, the hackers stole 'authentication tokens'—essentially digital keys—that granted access to Snowflake, Rockstar Games' main data repository. Because the hackers used these tokens to masquerade as legitimate internal traffic, it appears that Rockstar Games' security systems failed to detect the intrusion immediately.

ShinyHunters is a professional hacking organization that has been active since around 2020. Rather than targeting individual users, they primarily exploit vulnerabilities in third-party software or partner systems that companies use for convenience.

The group has a history of stealing internal data from major corporations, including Microsoft, Cisco, and AT&T. They typically publicize their hacks to pressure victimized companies into paying ransoms. This latest attack appears to be part of a broader campaign targeting systems used by multiple companies, and it is reported that other firms, including telecommunications providers, have suffered similar breaches.

While the hack has not been officially confirmed, if true, there is a high risk that sensitive information regarding the upcoming 'GTA6' could be leaked. If the hackers gained full access to the core data repository, they may have obtained game source code, release schedules, financial data, and contracts with partners.

Rockstar Games previously suffered a security breach in 2022, when its internal messaging system was compromised, leading to the leak of early development footage for 'GTA6'.

However, there is currently no evidence that general user account passwords or payment information have been compromised. The Cyber Security Guru noted that the attack was aimed at core corporate data, advising, "While it is unlikely that users will face immediate harm, it is safer to enable two-factor authentication on Rockstar Social Club accounts as a precaution."