Last week, as exclusively reported by Hackread.com, when ShinyHunters first claimed it had accessed Rockstar Games data through Anodot by compromising a connected Snowflake account, the details were uncertain. Now the group has released the entire stolen data, giving us a clear picture of what was actually exposed and what was not.
The leaked files, 25 in total and about 7.54 GB in size, consist primarily of internal analytics and reporting data, with no customer or personal information present. Filenames reference metrics linked to GTA Online and Red Dead Online, including booking figures, virtual currency redemptions, and regional performance tracking. Entries such as daily KPI reports and revenue breakdowns point to business intelligence systems rather than game infrastructure or user databases.
Looking at the structure of the data, it does appear to come from automated exports generated by analytics pipelines. The files are compressed CSV outputs, commonly used for batch reporting in cloud data platforms like Snowflake. This supports earlier reporting that the access point was not Rockstar’s core network but a third-party analytics integration, believed to involve Anodot.
Some of the files also reference internal monitoring and testing. For example, dataset names linked to cheat detection models and platform-level revenue mismatches suggest the data includes operational insights used by Rockstar teams to manage gameplay balance and detect abuse. There are also references to Zendesk ticket metrics and customer support reporting, indicating visibility into service operations rather than individual player accounts.
What is not present in the leaked material is just as important. There are no player credentials, account data, or unreleased game assets such as GTA VI content. That aligns with Rockstar’s earlier statement that the breach involved limited company information and did not impact players.
However, the incident is still important from a business perspective. Internal analytics data can reveal how in-game economies are managed, how revenue flows, and how support systems respond to issues. For attackers, this type of information can be valuable even without direct access to users.
Nevertheless, targeting Anodot, a third-party platform that aggregates and analyzes data from multiple sources, to steal data from a larger firm is now the typical modus operandi of the ShinyHunters group. It shows threat actors can now access a wide view of operations without breaching the main environment.
The good news is that Rockstar Games customers and players were not affected, as the leaked dataset contains no personal or user data. The company appears to have excluded customer information before sharing data with Anodot.
