Rockstar confirms cyberattack and data theft

For the umpteenth time, Rockstar has fallen victim to a cyberattack. The developer of the highly anticipated game GTA6 confirmed that its systems were attacked and data was stolen. Meanwhile, the well-known cybercrime group ShinyHunters posted an extortion letter to Rockstar on their website.

Rockstar confirmed to Kotaku that “a limited amount of non-essential company data was accessed as part of a data breach at a third-party vendor.” The incident had no impact on the company or its players.

Access to Snowflake

The cyber gang ShinyHunters stated on their website that they had compromised Rockstar's Snowflake instances using the third-party tool AnoDot. They demanded that Rockstar contact them and pay money by April 14th to prevent the stolen data from being published. They did not disclose in their public statement how much the cybercriminals are demanding or what data they possess.

AnoDot allows companies to monitor their cloud costs, among other things, and Rockstar uses it for this purpose. The AI tool is designed to detect unusual changes based on numerous collected data points that could negatively impact the company's revenue. And the incident at Rockstar Games may be the result of a cyberattack on AnoDot, also carried out by ShinyHunters.

Cybersecurity incident at AnoDot

BleepingComputer reported this week on problems that initially occurred with various cloud and SaaS providers whose software the tool can integrate with, including Snowflake. The company was able to quickly trace the problem back to AnoDot, as attackers logged into Snowflake systems using AnoDot credentials.

BleepingComputer learned from several sources, including Snowflake, that there has been a security incident at AnoDot. AnoDot itself informs on a support page that data sampling retrieval issues are currently occurring worldwide. AnoDot took its data collectors for Snowflake, S3, and Kinesis services offline on April 4th. The data collectors remain offline (as of Sunday, April 12, 2:55 PM).

Meanwhile, ShinyHunters' deadline for Rockstar Games continues. The gang is notorious and has already carried out numerous cyberattacks, including stealing millions of user data from the concert ticket shop Ticketmaster and the car sales service provider Carguru. The fact that ShinyHunters is now going public could indicate that they do indeed have something against Rockstar.

This is not the first time cybercriminals have stolen data from Rockstar. In another cyberattack in 2022, the cybercrime group Lapsus$ stole gameplay videos of GTA6 and posted them online. It later became known that the attack was carried out by a teenager who gained access to cloud services from a hotel room using a smartphone, an Amazon Fire TV Stick, and a television. He was also charged and convicted for the attack on Rockstar Games; at the time, he was 18 years old.

(nen)