Rockstar Games Data Breach: Anodot Security Incident Exposes 78.6 Million Records

Rockstar Games has recently experienced a data breach due to a security incident at Anodot, leading to the exposure of stolen data by the ShinyHunters extortion group. The threat actors claim to have obtained the data from Snowflake environments using stolen authentication tokens from the Anodot security incident. They have now released what they claim to be Rockstar Games data, comprising over 78.6 million records. The leaked data reportedly includes internal analytics related to Rockstar's online services, support tickets, in-game revenue, player behavior tracking, and game economy data for Grand Theft Auto Online and Red Dead Online. Additionally, customer support analytics from the company's Zendesk support instance were also part of the leaked datasets.
Rockstar Games has not provided a comment to BleepingComputer regarding the breach but confirmed to Kotaku that a limited amount of non-material company information was accessed in connection with a third-party data breach. The company assured that the incident has no impact on their organization or players. The threat actors behind the breach informed BleepingComputer that the compromised data primarily consists of internal analytics used by Rockstar to monitor its online services and support tickets, including in-game revenue and purchase metrics, player behavior tracking, and game economy data for Grand Theft Auto Online and Red Dead Online. The leaked datasets also seem to contain customer support analytics for the company's Zendesk support instance, with references to fraud detection systems and anti-cheat model testing.
The data breach at Rockstar Games is part of a broader data theft campaign associated with a recent security incident at Anodot, a data anomaly detection company that integrates with various SaaS cloud platforms. The threat actors exploited stolen authentication tokens from Anodot to access customer data stored in connected Snowflake, S3, and Amazon Kinesis instances. Snowflake acknowledged detecting unusual activity affecting a small number of customer accounts linked to a third-party integration and took measures to secure the affected accounts and notify customers. The third-party integration company was later confirmed to be Anodot. The ShinyHunters group claimed responsibility for the attacks and stated that they had stolen data from multiple companies using the compromised tokens.
In conclusion, Rockstar Games has been impacted by a data breach stemming from a security incident at Anodot, resulting in the exposure of internal analytics data related to the company's online services and support tickets. The breach, orchestrated by the ShinyHunters extortion group, has led to the leaking of over 78.6 million records, including in-game revenue, player behavior tracking, and game economy data for Grand Theft Auto Online and Red Dead Online. The incident is part of a larger data theft campaign linked to the Anodot security incident, where threat actors exploited stolen authentication tokens to access customer data stored in connected Snowflake, S3, and Amazon Kinesis instances.