{"id":45325,"date":"2026-04-11T18:12:53","date_gmt":"2026-04-11T10:12:53","guid":{"rendered":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/11\/shinyhunters-claims-rockstar-games-snowflake-breach-via-anodot\/"},"modified":"2026-04-11T18:12:53","modified_gmt":"2026-04-11T10:12:53","slug":"shinyhunters-claims-rockstar-games-snowflake-breach-via-anodot","status":"publish","type":"post","link":"https:\/\/nuoya.nuoyayasuo.top\/index.php\/2026\/04\/11\/shinyhunters-claims-rockstar-games-snowflake-breach-via-anodot\/","title":{"rendered":"ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot"},"content":{"rendered":"\n

Rockstar Games is back in the news, not over Grand Theft Auto VI delays, but because the ShinyHunters<\/a> hacking group claims it accessed the company\u2019s Snowflake environment and may be holding a large volume of data at risk of being leaked.<\/p>\n

The message, published on the group\u2019s dark web leak site on April 11 (UK time), sets a deadline of April 14 and follows a familiar pattern of pay or face public exposure.<\/p>\n

This case differs from a typical direct breach because the attackers pointed to Anodot, a SaaS platform used for cloud cost monitoring and analytics, as the entry point. In their post, they claimed, \u201cRockstar Games! Your Snowflake<\/a> instances were compromised thanks to Anodot.com<\/code>. Pay or leak.\u201d<\/p>\n

\n

“Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”<\/em><\/p>\n

ShinyHunters<\/cite><\/p><\/blockquote>\n

\n
\"ShinyHunters<\/a>
ShinyHunters claiming Rockstar Games as its new victim (Image credit: Hackread.com)<\/figcaption><\/figure>\n<\/p><\/div>\n

Recent reporting<\/a> confirmed that Anodot suffered a security breach, which attackers then used as a way to access customer environments connected through integrations. Reportedly, attackers were able to extract authentication tokens from Anodot, which function as trusted credentials between services. With those tokens, they could access connected Snowflake accounts without needing to exploit vulnerabilities in Snowflake itself.<\/p>\n

Once inside Snowflake environments, attackers exfiltrated data using normal database operations. Worse, because the access appeared legitimate, detection was not immediate in many cases. Several organizations were impacted before the activity was flagged and contained. <\/p>\n

\n
\"ShinyHunters<\/a>
Anodot’s Status page<\/a><\/figcaption><\/figure>\n<\/p><\/div>\n

For your information, ShinyHunters has built a track record of targeting identity systems<\/a>, API keys, and third-party integrations instead of relying on traditional exploits. Their focus is to gain valid access, extract large databases, and then apply pressure through public leak threats.<\/p>\n

Earlier this March, ShinyHunters said it had obtained<\/a> Salesforce-linked data tied to more than 400 companies. Since then, the group has published data from 26 of those organizations, giving weight to at least part of its claims. Some of the claimed and confirmed cases linked to ShinyHunters include the following organizations:<\/p>\n