ShinyHunters Breach Rockstar Games via Snowflake Environment — Threaten Data Leak by April 14

The ShinyHunters hacking group announced on April 11, 2026 that they have successfully compromised Rockstar Games’ Snowflake data warehouse environment. The breach was reportedly executed through an exploit targeting Anodot, a SaaS platform used for cloud cost monitoring that had privileged access to the Snowflake instance. The group has issued a ransom deadline of April 14, threatening to publicly leak the stolen data if demands are not met.

The attack follows the pattern established in the massive 2024 Snowflake campaign, where ShinyHunters and related groups compromised over 160 companies through stolen credentials and inadequate access controls. This time, the vector was a third-party SaaS integration — Anodot — which had been granted broad permissions to Rockstar’s cloud data infrastructure for analytics purposes.

Source

Reported by Hackread on April 11, 2026.

Commentary

ShinyHunters have effectively turned Snowflake environments into their personal hunting ground. After the massive 2024 wave that hit Ticketmaster, AT&T, and hundreds of others, you’d expect organizations to have locked down their Snowflake configurations. Yet here we are — and this time the vector wasn’t even direct credential theft but a compromised third-party SaaS tool with overprivileged access.

This underscores a critical blind spot: organizations audit their own access controls but rarely apply the same rigor to the SaaS tools they connect to their data warehouses. Anodot, a cost-monitoring tool, presumably didn’t need the level of access that enabled a full data exfiltration. The principle of least privilege isn’t just for human users — it applies to every integration, API key, and service account in your cloud stack. Rockstar Games is now on a ticking clock, and the April 14 deadline will be watched closely.