Rockstar Video games has suffered a data breach linked to a current security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen knowledge on its knowledge leak web site.
The risk actors declare the information was taken from Snowflake environments utilizing authentication tokens stolen throughout a current Anodot security incident.
They’ve now printed what they are saying is Rockstar Video games knowledge containing greater than 78.6 million information.
“Your Snowflake cases metrics knowledge was compromised because of Anodot.com,” reads a list on the ShinyHunters extortion web site.
Supply: BleepingComputer
Rockstar Video games didn’t reply to a number of requests for remark concerning the breach from BleepingComputer. Nonetheless, in an announcement shared with Kotaku, the corporate confirmed that it suffered a data breach.
“We are able to verify {that a} restricted quantity of non-material firm info was accessed in reference to a third-party data breach,” Rockstar informed Kotaku.
“This incident has no impression on our group or our gamers.”
The risk actors informed BleepingComputer that the leaked knowledge primarily consists of inner analytics used to watch Rockstar’s on-line companies and help tickets.
This knowledge allegedly contains in-game income and buy metrics, participant conduct monitoring, and sport financial system knowledge for Grand Theft Auto On-line and Purple Useless On-line. The datasets additionally seem to comprise buyer help analytics for the corporate’s Zendesk help occasion.
In a file checklist proven to BleepingComputer, there have been references to fraud detection programs and anti-cheat mannequin testing.
The incident is an element of a bigger knowledge theft marketing campaign linked to a current security incident at Anodot, an information anomaly detection firm that integrates with a variety of SaaS cloud platforms.
As first reported by BleepingComputer, the risk actors stole authentication tokens from the service and used them to entry buyer knowledge saved in linked Snowflake, S3, and Amazon Kinesis cases.
Snowflake confirmed to BleepingComputer final week that it had detected uncommon exercise affecting a small variety of buyer accounts tied to a third-party integration, and responded by locking down the affected accounts and notifying prospects.
The corporate later confirmed that the third-party integration firm was Anodot.
The ShinyHunters group informed BleepingComputer it was behind the assaults and claimed to have stolen knowledge from dozens of firms utilizing the compromised tokens.
Rockstar Video games beforehand suffered a breach in 2022 when a hacker related to the Lapsus$ extortion group leaked Grand Theft Auto 6 gameplay movies and supply code.
Automated pentesting proves the trail exists. BAS proves whether or not your controls cease it. Most groups run one with out the opposite.
This whitepaper maps six validation surfaces, reveals the place protection ends, and gives practitioners with three diagnostic questions for any software analysis.
