Rockstar Games Hacked, Hackers Threaten a Massive Data Leak If Not Paid Ransom
This is just my opinion but that is not much of a threat and I think they should ignore it. Rockstars social platform has always had abhorrent security and players have always been able to easily doxx one another, know where other players live, boot each other out of games to the point of requiring multiple mod-menus just to be in a multi-player lobby in my experience thus extortion of money for player data from snowflake is just redundant.
Update: 4/11/26, 11:45 a.m. ET: Rockstar Games confirmed that a data breach has happened. A spokesperson sent over this statement to Kotaku:
“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”
> “Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”
Anyone familiar with "Snowflake" enough to say what sort of data was typically hosted there? Judging by the website and the lack of specifics about the data, I'm guessing it's less about assets, artifacts and stuff like that, and more about financial data and general/generic "business" stuff?
Sure, but some databases are sold/bought more by brand recognition and for the type of data rather than actual technical capabilities. Don't ask me why, just very familiar with people making those sort of choices.
Snowflake is typically used for data analytics in my experience. It's going to have financial stuff very likely, but not like raw documents. Definitely not source code.
I mean technically you can stuff documents into a column with the BINARY datatype provided they are under 67 MB each, but it's not really meant to be used as a document store.
Coincidentally and Interestingly, again, I was reading an old thread from 2015 titled - ProtonMail pays $6k ransom, gets taken out by DDoS anyway
The top comment says -
"NEVER EVER PAY RANSOM MONEY.
Please. Even if your business will suffer it will suffer a lot more if you do pay since now it is known you'll cave. Also: you are making the problem larger for others."
The top response to that comment says -
"From their blog: https://protonmaildotcom.wordpress.com/
At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself. The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail.
At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it taking into the consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. This was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom. "
Most hackers actually keep their promises if paid the ransom, nowadays.
It sounds perverse but the incentives require it: if payment didn't bring resolution, no one would pay. As a result, all of the big gangs avoid scamming.
That was the state of play in 2015 as well. In the absence of a claim from the group otherwise, I wouldn't be surprised if they simply couldn't get it to stop (on a technical level.)
Way back when, it was a pretty common screwup to accidentally saturate the nodes you were packeting from. So then your C&C couldn't get them to respond, either. Oops.
>Most hackers actually keep their promises if paid the ransom, nowadays.
I don't think that's actually true, or at least is certainly cannot be taken for granted. Instead, it appears ransom has followed more of the path of Silicon Valley VCs:
.It sounds perverse but the incentives require it: if payment didn't bring resolution, no one would pay. As a result, all of the big gangs avoid scamming.
What you're describing is the expected Game Theory outcome over long periods in an iterated game. This works as long as the payment amount is towards the <salary> side of the potential payment spectrum, where each payment may well be decent money for the work the ransomers put in but not so much that they don't need new ransoms. The problem comes if/when the absolute amount of payment moves from "salary" to the "Exit"/"Retirement" side of the spectrum, ie, heads into what VC would call "Unicorn" status. At some level of money it reaches the point where the ransomers need never work again in their lives, it's enough money to get out of the risky business and live off of it indefinitely. It's now no longer an iterated game but a single game, and in single games defection can be rewarded. It no longer matters if reputation is burned, on the contrary it might be the moment to cash all accumulated rep in.
I think in general, both on the bright and dark sides, this sort of "phase change" in a given market space is worth trying to keep an eye out for because it can result in significantly changed behavior "out of nowhere" that can head in ugly directions very fast.
I honestly expected the demand to be "Release GTA 6 soon or else we will". ...The fact that they're just demanding money is a little disappointing. ;-)
Many ransomware groups of today operate in the same way a legal tech startup would. It’s a large organization with clear goals, not just some guys fooling around. It’s a funny thought tho.
How do laypersons (noobs) like me learn about this stuff? Like Wired magazine technical level.
I've just started Darknet Diaries podcast. So great.
When I worked on electronic medical records, I assumed it was just a matter of time until we were hacked (too). All the most banal reasons: many vendors, shared passwords, root/admin access, etc.
they should just leak the game, rockstar should take the opportunity to create gta7 by training AI using gta6 and then making lifelike visuals. would be better.
Maybe I'm missing something, but how would GTA6 source leak really harm Rockstar? I mean it's unlikely it would be possible to compile a full working game from the leak, and even if so, it's such a non-trivial task, that I don't believe it would hurt sales /that/ much.
The only thing I can imagine is the story would get spoiled on the internet, but that's about it.
It'd make it a pain to stop abuse of their online platform when it launches, which is financially problematic given gta 5 online made rockstar billions.
I would speculate that it’s not about individuals compiling and playing without paying, but that with access to the codebase, creating cracks and online cheats would be trivial, which might actually hurt their bottom line
Rockstar Games Hacked, Hackers Threaten a Massive Data Leak If Not Paid Ransom
This is just my opinion but that is not much of a threat and I think they should ignore it. Rockstars social platform has always had abhorrent security and players have always been able to easily doxx one another, know where other players live, boot each other out of games to the point of requiring multiple mod-menus just to be in a multi-player lobby in my experience thus extortion of money for player data from snowflake is just redundant.
Update: 4/11/26, 11:45 a.m. ET: Rockstar Games confirmed that a data breach has happened. A spokesperson sent over this statement to Kotaku:
“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”
That's what I would say regardless of if I was considering paying or not.
> “Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”
Anyone familiar with "Snowflake" enough to say what sort of data was typically hosted there? Judging by the website and the lack of specifics about the data, I'm guessing it's less about assets, artifacts and stuff like that, and more about financial data and general/generic "business" stuff?
In my experienced Snowflake is often used as a data warehouse.
It's a database, but you could store basically any OLAP type things there, all your stuff for aggregate customer data for instance.
Sure, but some databases are sold/bought more by brand recognition and for the type of data rather than actual technical capabilities. Don't ask me why, just very familiar with people making those sort of choices.
I've seen companies literally mirror every piece of data they have in snowflake to do AI/analytics stuff. There's probably a lot of of shit in there.
Snowflake is typically used for data analytics in my experience. It's going to have financial stuff very likely, but not like raw documents. Definitely not source code.
I mean technically you can stuff documents into a column with the BINARY datatype provided they are under 67 MB each, but it's not really meant to be used as a document store.
Coincidentally and Interestingly, again, I was reading an old thread from 2015 titled - ProtonMail pays $6k ransom, gets taken out by DDoS anyway
The top comment says -
"NEVER EVER PAY RANSOM MONEY. Please. Even if your business will suffer it will suffer a lot more if you do pay since now it is known you'll cave. Also: you are making the problem larger for others."
The top response to that comment says -
"From their blog: https://protonmaildotcom.wordpress.com/ At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself. The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail.
At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it taking into the consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. This was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom. "
Full thread here -
https://news.ycombinator.com/item?id=10523583
Most hackers actually keep their promises if paid the ransom, nowadays.
It sounds perverse but the incentives require it: if payment didn't bring resolution, no one would pay. As a result, all of the big gangs avoid scamming.
That was the state of play in 2015 as well. In the absence of a claim from the group otherwise, I wouldn't be surprised if they simply couldn't get it to stop (on a technical level.)
Way back when, it was a pretty common screwup to accidentally saturate the nodes you were packeting from. So then your C&C couldn't get them to respond, either. Oops.
>Most hackers actually keep their promises if paid the ransom, nowadays.
I don't think that's actually true, or at least is certainly cannot be taken for granted. Instead, it appears ransom has followed more of the path of Silicon Valley VCs:
.It sounds perverse but the incentives require it: if payment didn't bring resolution, no one would pay. As a result, all of the big gangs avoid scamming.
What you're describing is the expected Game Theory outcome over long periods in an iterated game. This works as long as the payment amount is towards the <salary> side of the potential payment spectrum, where each payment may well be decent money for the work the ransomers put in but not so much that they don't need new ransoms. The problem comes if/when the absolute amount of payment moves from "salary" to the "Exit"/"Retirement" side of the spectrum, ie, heads into what VC would call "Unicorn" status. At some level of money it reaches the point where the ransomers need never work again in their lives, it's enough money to get out of the risky business and live off of it indefinitely. It's now no longer an iterated game but a single game, and in single games defection can be rewarded. It no longer matters if reputation is burned, on the contrary it might be the moment to cash all accumulated rep in.
I think in general, both on the bright and dark sides, this sort of "phase change" in a given market space is worth trying to keep an eye out for because it can result in significantly changed behavior "out of nowhere" that can head in ugly directions very fast.
Yeah, this business is based on actually delivering the promise.
The point is that by paying you incentivize it and make it worthwhile not that the hackers keep promises.
That makes sense. They should pay, then.
I honestly expected the demand to be "Release GTA 6 soon or else we will". ...The fact that they're just demanding money is a little disappointing. ;-)
Many ransomware groups of today operate in the same way a legal tech startup would. It’s a large organization with clear goals, not just some guys fooling around. It’s a funny thought tho.
How do laypersons (noobs) like me learn about this stuff? Like Wired magazine technical level.
I've just started Darknet Diaries podcast. So great.
When I worked on electronic medical records, I assumed it was just a matter of time until we were hacked (too). All the most banal reasons: many vendors, shared passwords, root/admin access, etc.
I imagine things haven't improved much since.
Darknet Drinking Game: a shot every time something is “unbelievable to me”
Yeah but large tech companies don’t just operate by breaking laws like this.
laws that allow big players hurt minorities are any good? Rockstar recently had a strike from their workers by their abuse and layoffs
You sure about that?
Sure they do, Uber is probably the most famous in that regard, but plenty break things and pay a fine later.
In fact I’d say that sort of law breaking is downright routine. The key difference is the ability to afford a really good legal and lobbying team.
they should just leak the game, rockstar should take the opportunity to create gta7 by training AI using gta6 and then making lifelike visuals. would be better.
How fitting with their games. They should include the hackers in GTA7
Please, please let that leak be the source code of GTA SA :D
Do we not have GTA5 source already?
Yes, but GTA5 leaked a decade after its release. Rockstar didn't really suffer any significant damage from it.
If 6 leaks before release, though, that's a completely different story. I can imagine them actually paying a ransom if that happened.
Maybe I'm missing something, but how would GTA6 source leak really harm Rockstar? I mean it's unlikely it would be possible to compile a full working game from the leak, and even if so, it's such a non-trivial task, that I don't believe it would hurt sales /that/ much.
The only thing I can imagine is the story would get spoiled on the internet, but that's about it.
It'd make it a pain to stop abuse of their online platform when it launches, which is financially problematic given gta 5 online made rockstar billions.
I feel the need to say it shouldn't be this way, to avoid an onslaught of replies, but:
It would be dramatically easier to discover and exploit vulnerabilities/glitches in their multiplayer experience, which is their cash cow.
On the other hand, maybe the community could submit bug fixes for loading times.
https://news.ycombinator.com/item?id=26296339
I would speculate that it’s not about individuals compiling and playing without paying, but that with access to the codebase, creating cracks and online cheats would be trivial, which might actually hurt their bottom line
..again?
[dead]
Holy shit - according to the same article, an autistic teen last hacked them and was sentenced to life in an asylum!