Rockstar Games Faces April 14 Ransom Deadline After Data Leak

Key Takeaways

1. Rockstar Games has allegedly been targeted in a significant security breach involving the theft of corporate and analytical data via a third-party cloud platform.
2. The attack leverages supply-chain vulnerabilities, specifically exploiting authentication tokens from Anodot to bypass multi-factor authentication and access Rockstar’s Snowflake environment.
3. The threat group, ShinyHunters, has a history of targeting major corporations and is also linked to breaches at companies like Amtrak, McGraw Hill, Ticketmaster, AT&T, and Microsoft.

Recent Security Breach at Rockstar Games

Rockstar Games is experiencing a security breach again, but this time it appears to be targeted more at the company’s data systems than at the game itself. This follows a notorious 2022 leak in which a social engineering trick led to early GTA VI footage being exposed on Slack. Now, sources say the attack is aimed at Rockstar’s backend servers, possibly exposing sensitive corporate information.

Threat Group and Their Previous Targets

ShinyHunters, a known cybercriminal group, is believed to be behind this attack. The group has a history of stealing data from big companies like Ticketmaster, AT&T, and Microsoft. Unlike the lone hacker in 2022, this time the attackers seem to be working as part of a larger campaign, particularly targeting companies that use cloud data tools.

How the Attack Was Carried Out

Reports from RansomLook.io and CyberSec Guru say the hackers didn’t break directly through Rockstar’s main defenses. Instead, they used an automated process involving a third-party cloud tool called Anodot. By stealing tokens from Anodot’s system, they accessed Snowflake, a cloud data platform used to store big data like analytics and player info. This way, they could avoid traditional security measures like multi-factor authentication. This sneaky method appears to be a common technique used by ShinyHunters lately.
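A defensive check for the pattern described above, as an added example that is not from the original article or from any vendor: since token logins skip the MFA step, it reviews login records and flags token use that is not tied to an expected source network. The record fields, auth labels, account names and allowlist are assumptions, and the sample records are constructed.

```python
import ipaddress

# Auth methods that carry no interactive MFA step (assumed labels).
TOKEN_AUTH = {"OAUTH_ACCESS_TOKEN", "API_TOKEN", "KEYPAIR"}

# Hypothetical allowlist: service account -> networks the third-party
# integration is expected to connect from.
EXPECTED_NETWORKS = {
    "SVC_MONITORING": ["198.51.100.0/24"],
}

# Constructed sample records, not data from any real incident.
SAMPLE_LOGINS = [
    {"id": 1, "user": "SVC_MONITORING", "ip": "198.51.100.17", "auth": "OAUTH_ACCESS_TOKEN"},
    {"id": 2, "user": "SVC_MONITORING", "ip": "203.0.113.44", "auth": "OAUTH_ACCESS_TOKEN"},
    {"id": 3, "user": "ALICE", "ip": "192.0.2.8", "auth": "PASSWORD+MFA"},
    {"id": 4, "user": "SVC_REPORTING", "ip": "198.51.100.20", "auth": "API_TOKEN"},
    {"id": 5, "user": "SVC_MONITORING", "ip": "not-an-ip", "auth": "OAUTH_ACCESS_TOKEN"},
]


def review_token_logins(logins, expected=EXPECTED_NETWORKS):
    """Return (id, reason) for token logins not bound to a known network."""
    findings = []
    for rec in logins:
        if rec["auth"] not in TOKEN_AUTH:
            continue  # interactive logins fall under MFA policy, not this check
        nets = expected.get(rec["user"])
        if not nets:
            # A token that works from anywhere has no compensating control.
            findings.append((rec["id"], "token account has no network allowlist"))
            continue
        try:
            addr = ipaddress.ip_address(rec["ip"])
        except ValueError:
            findings.append((rec["id"], "unparseable source address"))
            continue
        if not any(addr in ipaddress.ip_network(n) for n in nets):
            findings.append((rec["id"], "token used from unexpected network"))
    return findings


if __name__ == "__main__":
    for finding in review_token_logins(SAMPLE_LOGINS):
        print(finding)
```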

Other Victims and Future Risks

This wave of attacks isn’t just hitting Rockstar. The same group claims to have accessed data from Amtrak, McGraw Hill, and over 100 million records from various third-party Salesforce integrations. They’ve set a ransom deadline of April 14, threatening to leak the data if their demands are not met. So far, Rockstar and its parent company, Take-Two Interactive, haven’t made any statements or disclosures, leaving many questions unanswered about the full scope of this incident.

