Rockstar Games analytics data exfiltrated via third-party Snowflake compromise linked to Anodot breach
Summary
Hide ▲
Show ▼
The extortion group ShinyHunters has expanded its campaign tied to the Anodot breach, claiming unauthorized access to Vimeo’s systems and threatening to leak data unless a ransom is paid. The attack leverages authentication tokens stolen from Anodot to compromise downstream victims, including Vimeo and Rockstar Games. Vimeo confirmed that exposed data included email addresses, technical data, video titles, and metadata, but excluded video content, credentials, and payment information. Operations remained unaffected, and Vimeo disabled Anodot integration and launched an investigation with law enforcement. Rockstar Games previously acknowledged a limited breach linked to the same third-party incident, with ShinyHunters leaking approximately 78.6 million records of internal analytics data. The compromised datasets included in-game revenue metrics, player behavior tracking, and Zendesk support analytics, with Rockstar asserting no operational impact.
Timeline
-
13.04.2026 23:08 2 articles · 15d ago
ShinyHunters leaks Rockstar Games analytics data tied to Anodot breach and Snowflake compromise
The extortion group ShinyHunters expanded its campaign tied to the Anodot breach, claiming unauthorized access to Vimeo’s systems and threatening to leak data unless a ransom is paid. The attacker accessed email addresses for some Vimeo customers and exposed technical data, video titles, and metadata, but excluded video content, account credentials, and payment information. Vimeo disabled all Anodot credentials, removed Anodot’s integration, and launched an investigation with law enforcement and third-party security experts, confirming operations remained unaffected.
Show sources
- Stolen Rockstar Games analytics data leaked by extortion gang — www.bleepingcomputer.com — 13.04.2026 23:08
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
Information Snippets
-
ShinyHunters claims responsibility for exfiltrating Rockstar Games’ data using authentication tokens stolen during the Anodot security incident, targeting Snowflake environments.
First reported: 13.04.2026 23:081 source, 2 articlesShow sources
- Stolen Rockstar Games analytics data leaked by extortion gang — www.bleepingcomputer.com — 13.04.2026 23:08
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
The leaked dataset contains over 78.6 million records of Rockstar Games’ internal analytics, including in-game revenue and purchase metrics, player behavior tracking, and game economy data for Grand Theft Auto Online and Red Dead Online.
First reported: 13.04.2026 23:081 source, 2 articlesShow sources
- Stolen Rockstar Games analytics data leaked by extortion gang — www.bleepingcomputer.com — 13.04.2026 23:08
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
The compromised data also includes customer support analytics from Rockstar Games’ Zendesk instance, with references to fraud detection systems and anti-cheat model testing files.
First reported: 13.04.2026 23:081 source, 2 articlesShow sources
- Stolen Rockstar Games analytics data leaked by extortion gang — www.bleepingcomputer.com — 13.04.2026 23:08
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
Rockstar Games confirmed a limited data breach linked to a third-party incident but stated the accessed information was non-material and had no impact on the organization or players.
First reported: 13.04.2026 23:081 source, 2 articlesShow sources
- Stolen Rockstar Games analytics data leaked by extortion gang — www.bleepingcomputer.com — 13.04.2026 23:08
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
Anodot, a data anomaly detection company, was identified as the third-party integration whose compromised authentication tokens enabled the broader campaign targeting Snowflake, S3, and Amazon Kinesis instances.
First reported: 13.04.2026 23:081 source, 2 articlesShow sources
- Stolen Rockstar Games analytics data leaked by extortion gang — www.bleepingcomputer.com — 13.04.2026 23:08
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
Snowflake previously confirmed unusual activity affecting a small number of customer accounts tied to a third-party integration (later identified as Anodot), prompting account lockdowns and customer notifications.
First reported: 13.04.2026 23:081 source, 2 articlesShow sources
- Stolen Rockstar Games analytics data leaked by extortion gang — www.bleepingcomputer.com — 13.04.2026 23:08
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
Vimeo confirmed unauthorized access to its systems following the Anodot breach, with the extortion group ShinyHunters claiming responsibility and threatening to leak data by April 30 unless ransom was paid
First reported: 28.04.2026 22:041 source, 1 articleShow sources
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
The exposed Vimeo data included email addresses for some customers, technical data, video titles, and metadata, but excluded video content, account credentials, and payment card information
First reported: 28.04.2026 22:041 source, 1 articleShow sources
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
Vimeo disabled all Anodot credentials and removed Anodot’s integration with its systems
First reported: 28.04.2026 22:041 source, 1 articleShow sources
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
ShinyHunters listed Vimeo on its extortion portal, claiming to have data from Vimeo’s Snowflake and BigQuery instances
First reported: 28.04.2026 22:041 source, 1 articleShow sources
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
-
Vimeo stated its operations remained unaffected and the incident was under investigation with law enforcement and third-party security experts
First reported: 28.04.2026 22:041 source, 1 articleShow sources
- Video service Vimeo confirms Anodot breach exposed user data — www.bleepingcomputer.com — 28.04.2026 22:04
Similar Happenings
Salesforce misconfiguration leads to non-sensitive data exposure at McGraw-Hill amid ShinyHunters extortion claims
McGraw-Hill confirmed a data breach affecting 13.5 million user accounts after ShinyHunters exploited a Salesforce environment misconfiguration to steal and leak non-sensitive data, including names, addresses, phone numbers, and email addresses. The company stated the breach did not impact its core Salesforce accounts, customer databases, courseware, or internal systems, though ShinyHunters claimed possession of 45 million records with PII. The affected webpages were secured promptly, and McGraw-Hill is collaborating with Salesforce to remediate the issue. Have I Been Pwned verified the leak of over 100GB of data tied to 13.5 million accounts. The incident remains distinct from a separate, unverified claim by a threat actor posing as ShinyHunters, who alleges breaching Vercel and selling stolen data, including API keys and employee records. Vercel has disclosed the incident and is investigating with law enforcement and incident response experts, while denying any impact to services.
Telus Digital Breach by ShinyHunters
Telus Digital, the business process outsourcing (BPO) arm of Canadian telecommunications provider Telus, has confirmed a security breach after threat actors known as ShinyHunters claimed to have stolen nearly 1 petabyte of data. The breach, which involved unauthorized access to a limited number of Telus Digital's systems, is currently under investigation. ShinyHunters claims to have accessed a wide range of customer data related to Telus' BPO operations and call records for Telus' consumer telecommunications division. The threat actors reportedly used Google Cloud Platform credentials discovered in data stolen during the Salesloft Drift breach to gain initial access. Telus has engaged cyber forensics experts and is working with law enforcement to manage the situation.
Optimizely Data Breach After Vishing Attack
An ongoing wave of vishing-led breaches attributed to ShinyHunters has claimed a new victim: Aura, a digital safety firm. The attack exposed contact details of nearly 900,000 individuals, stemming from a marketing tool inherited in a 2021 acquisition. ShinyHunters claimed the theft of 12GB of files containing PII and corporate data, releasing it after failed extortion attempts. The company emphasized no SSNs, passwords, or financial data were compromised and is conducting an internal review with law enforcement involvement. Earlier in February, Optimizely disclosed a similar breach following a voice phishing attack that compromised basic business contact information. Both incidents underscore the continued exploitation of vishing tactics by ShinyHunters to gain initial access to organizations, with impacts focused on contact data rather than deeper system compromise.
ShinyHunters Breach Affects Checkout.com Legacy Cloud Storage
Checkout.com, a global payment processing firm, disclosed a data breach involving a legacy cloud storage system compromised by the ShinyHunters threat group. The breach affected less than 25% of its current merchant base and included data from 2020 and earlier. The company refused to pay the ransom and instead plans to donate the amount to cybersecurity research at Carnegie Mellon University and the University of Oxford Cyber Security Center. The compromised data includes internal operational documents and onboarding materials. ShinyHunters is known for exploiting vulnerabilities and using social engineering tactics to extort large organizations.