Extortion Gang Leaks 78 Million Rockstar Games Analytics Records via Stolen Anodot Tokens
What Happened – Anodot suffered a security incident that exposed authentication tokens. The ShinyHunters extortion group used those tokens to infiltrate Rockstar Games’ Snowflake, S3, and Kinesis environments, extracting more than 78 million internal analytics records and publishing them on a public leak site.
Why It Matters for TPRM –
- Third‑party integrations can become the weakest link in a supply‑chain attack.
- Business‑critical analytics (revenue, player‑behavior, anti‑cheat models) are now publicly visible, enabling competitive espionage and fraud.
- Cloud data‑warehouse credentials must be protected with zero‑trust controls and continuous monitoring.
Who Is Affected – Gaming & entertainment companies, SaaS analytics providers (e.g., Anodot), cloud data‑warehouse services (Snowflake, AWS).
Recommended Actions –
- Review all third‑party integrations for token‑management hygiene and enforce MFA.
- Verify that Snowflake, S3, and Kinesis accounts are locked down, with least‑privilege IAM policies.
- Conduct a data‑loss impact assessment on exposed analytics and update incident‑response playbooks for supply‑chain breaches.
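One way to run the least‑privilege check on the S3 and Kinesis grants held by a third‑party integration, as an added example that is not part of the original brief: a Python audit of an IAM policy document. The policy, bucket name and CIDR range are constructed sample values, and `audit_policy` is a hypothetical helper name.

```python
"""Audit an IAM policy document for grants broader than least privilege."""

SERVICES = {"s3", "kinesis"}  # AWS services named in the brief

# Constructed sample: a policy attached to a hypothetical analytics integration role
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BroadAnalytics", "Effect": "Allow",
         "Action": ["s3:*", "kinesis:GetRecords"], "Resource": "*"},
        {"Sid": "ScopedRead", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-analytics-export/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
        {"Sid": "DenyDelete", "Effect": "Deny",
         "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

def _as_list(value):
    # IAM accepts a single string or object wherever a list is valid
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (sid, issue) pairs for over-broad Allow statements."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement-{idx}")
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        in_scope = [a for a in actions if a == "*" or a.split(":")[0] in SERVICES]
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "Allow combined with NotAction/NotResource"))
        if not in_scope:
            continue
        findings += [(sid, f"wildcard action {a}") for a in in_scope if "*" in a]
        for res in _as_list(stmt.get("Resource")):
            # "*" or a bare ARN wildcard matches every bucket or stream
            if res == "*" or res.endswith(":::*") or res.endswith(":stream/*"):
                findings.append((sid, f"wildcard resource {res}"))
        if not stmt.get("Condition"):
            findings.append((sid, "no Condition limiting where the credential works"))
    return findings

if __name__ == "__main__":
    for sid, issue in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {issue}")
```

A statement flagged for a missing Condition is a review item rather than a defect by itself; source‑network or VPC‑endpoint conditions narrow where a stolen token remains usable.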
Technical Notes – Attack vector: stolen authentication tokens (credential theft) used to access Snowflake data‑warehouse, AWS S3, and Kinesis. No public‑facing CVEs cited. Leaked data includes in‑game revenue, purchase metrics, player‑behavior tracking, game‑economy stats, and Zendesk support analytics. Source: BleepingComputer