ShinyHunters Threatens Leak of Rockstar Games Snowflake Data via Anodot Breach
What Happened — ShinyHunters announced that it has exfiltrated data stored in Rockstar Games’ Snowflake data warehouse after compromising the analytics platform Anodot, which integrates with Snowflake. The group warned it will publish the stolen data on April 14 unless its ransom demands are satisfied.
Why It Matters for TPRM —
- A breach of a third‑party analytics provider can expose a vendor’s core data assets, highlighting supply‑chain risk.
- The threatened public dump could damage brand reputation, trigger regulatory scrutiny, and lead to downstream breaches of partners that consume the leaked data.
- Organizations that rely on Snowflake or similar cloud data warehouses must reassess their data‑segmentation and access‑control policies for third‑party integrations.
Who Is Affected — Gaming & entertainment companies using Snowflake, cloud data‑warehouse providers, analytics SaaS vendors, and any downstream partners that consume Rockstar’s data.
Recommended Actions —
- Verify whether your organization shares any data pipelines with Rockstar, Snowflake, or Anodot and map those dependencies.
- Review and tighten Snowflake role‑based access controls, especially for external service accounts.
- Conduct a rapid audit of all third‑party integrations for privileged access and enforce least‑privilege principles.
- Monitor dark‑web and threat‑intel feeds for any leaked Rockstar data samples.
Technical Notes — The attack appears to have leveraged a compromise of Anodot’s environment (likely via credential theft or a vulnerable component) to pivot into the Snowflake tenant hosting Rockstar’s data. No specific CVE was disclosed. Data types reportedly include internal telemetry, player‑behavior analytics, and possibly source‑code assets. Source: HackRead