Rockstar Hack: ShinyHunters Ransom Deadline April 14

A grim new message found its way onto the public internet, and Rockstar’s cloud systems became the subject. The key phrase “Rockstar Games” is now tied to “ShinyHunters” after the group claimed it accessed Snowflake instances and demanded a response by April 14. In a threat posted for the company, the attackers wrote: “Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”

A spokesperson for Rockstar confirmed the breach, according to statements shared with media contacts. The group said it stole confidential data and set the payment deadline for April 14. Specific details about what was taken, or the ransom amount, were not fully available because much of the discussion was limited to the dark web.

The broader context matters: Rockstar has faced a prior intrusion. In 2022, a single person reportedly accessed internal development channels and acquired nearly 100 early gameplay videos for GTA VI, including—allegedly—the source code for both GTA VI and GTA V. That history has left players watching for any signs the latest disruption could affect timelines.

Rockstar’s spokesperson said the stolen information consisted of “non-material company information” and that the incident does not impact “our organization or our players.” In practice, that language suggests the attackers may not hold data that is directly useful to the gaming public, yet it still carries weight for corporate operations.

With the pressure now centered on the “Rockstar Games” clock, companies often face a narrowing window to validate the scope, rotate credentials, and prevent further access. If the extracted material is mostly internal rather than player-related, the immediate risk may be reputation and operational disruption rather than direct consumer harm.

The compromise, as described in the claim, hinged on Anodot, an analytics and monitoring tool used to track finances. Anodot connects to Rockstar’s cloud infrastructure, which is “Snowflake” in Rockstar’s case. The group did not break Snowflake security directly; instead, it allegedly extracted authentication tokens from Anodot to impersonate regular users and then access Snowflake accounts. Once inside, the group reportedly stole data that likely did not include passwords or sensitive player information, and may not have included active development files—but the company still would want to keep confidential corporate information offline.

Snowflake is also used by other businesses that integrate it via Anodot, and Rockstar appears to be part of a wider extortion pattern. ShinyHunters has compromised multiple companies in the past few months using similar tactics, including the use of API keys, user sessions, and third-party integrations. The attack is framed as ransomware-adjacent—if the ransom is not paid by April 14, the malicious group said it would release the stolen data publicly.

In the final tally, the April 14 deadline gives both the attackers and Rockstar an urgency that is hard to ignore. For “Rockstar Games,” even a limited disclosure could still reveal spending habits, internal planning, and behind-the-scenes marketing choices if the data is posted. US News Hub Misryoum will continue tracking developments as the clock runs toward April 14 and as the company responds to questions about the “Rockstar Games” breach.