I was about mid-way through my bid when another inmate told me "new guy in B3 is another hacker." I got really excited—I'd have someone to talk shop with, at the very least.
My takeaway from him was that they're a bunch of contemporary "script kiddies" with a lot of time on their hands.
This tracks.
Anyone familiar with "Snowflake" enough to say what sort of data was typically hosted there? Judging by the website and the lack of specifics about the data, I'm guessing it's less about assets, artifacts and stuff like that, and more about financial data and general/generic "business" stuff?
The top comment says -
"NEVER EVER PAY RANSOM MONEY. Please. Even if your business will suffer it will suffer a lot more if you do pay since now it is known you'll cave. Also: you are making the problem larger for others."
The top response to that comment says -
"From their blog: https://protonmaildotcom.wordpress.com/ At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself. The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail.
At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it taking into the consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. This was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom. "
Full thread here -
This is just my opinion, but that is not much of a threat and I think they should ignore it. Rockstar's social platform has always had abhorrent security, and players have always been able to easily doxx one another, know where other players live, and boot each other out of games, to the point of requiring multiple mod-menus just to be in a multi-player lobby in my experience; thus extortion of money for player data from Snowflake is just redundant.
These days, companies try to mitigate the reputational harm associated with paying the ransom by instead paying security firms that "specialize in ransomware recovery" and claim to have "proprietary trade secret means of decrypting their clients' files". These firms always just happen to charge more than the cost of the ransom for their services. They then provide a non-itemized receipt, and both parties walk away happy and without having to admit to anything. Here's a good article on this practice if you're interested. https://features.propublica.org/ransomware/ransomware-attack...
I mean technically you can stuff documents into a column with the BINARY datatype provided they are under 67 MB each, but it's not really meant to be used as a document store.
It sounds perverse but the incentives require it: if payment didn't bring resolution, no one would pay. As a result, all of the big gangs avoid scamming.
If 6 leaks before release, though, that's a completely different story. I can imagine them actually paying a ransom if that happened.
I've just started Darknet Diaries podcast. So great.
When I worked on electronic medical records, I assumed it was just a matter of time until we were hacked (too). All the most banal reasons: many vendors, shared passwords, root/admin access, etc.
I imagine things haven't improved much since.
Way back when, it was a pretty common screwup to accidentally saturate the nodes you were packeting from. So then your C&C couldn't get them to respond, either. Oops.
I don't think that's actually true, or at least it certainly cannot be taken for granted. Instead, it appears ransom has followed more of the path of Silicon Valley VCs:
> It sounds perverse but the incentives require it: if payment didn't bring resolution, no one would pay. As a result, all of the big gangs avoid scamming.
What you're describing is the expected Game Theory outcome over long periods in an iterated game. This works as long as the payment amount is towards the "salary" side of the potential payment spectrum, where each payment may well be decent money for the work the ransomers put in but not so much that they don't need new ransoms. The problem comes if/when the absolute amount of payment moves from "salary" to the "Exit"/"Retirement" side of the spectrum, i.e., heads into what VC would call "Unicorn" status. At some level of money it reaches the point where the ransomers need never work again in their lives, it's enough money to get out of the risky business and live off of it indefinitely. It's now no longer an iterated game but a single game, and in single games defection can be rewarded. It no longer matters if reputation is burned, on the contrary it might be the moment to cash all accumulated rep in.
I think in general, both on the bright and dark sides, this sort of "phase change" in a given market space is worth trying to keep an eye out for because it can result in significantly changed behavior "out of nowhere" that can head in ugly directions very fast.
In fact I’d say that sort of law breaking is downright routine. The key difference is the ability to afford a really good legal and lobbying team.
The only thing I can imagine is the story would get spoiled on the internet, but that's about it.
It would be dramatically easier to discover and exploit vulnerabilities/glitches in their multiplayer experience, which is their cash cow.
More bad news for Rockstar Games. This time, established hacker group ShinyHunters is claiming to have breached the company’s secured cloud servers and now claims to have their hands on a large collection of data. The group wants a digital ransom to be paid by April 14, or it will reportedly leak what it has.
Update: 4/11/26, 11:45 a.m. ET: Rockstar Games confirmed that a data breach has happened. A spokesperson sent over this statement to Kotaku:
“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”
Original story continues below…
As reported by Cybersec Guru and Hackread, on April 11, the hacker group posted on its dark web site dedicated to leaks that it had gained access to Rockstar’s servers on Snowflake, a cloud-hosting company and provider that works with many large companies. Here is the message the group shared on Saturday:
“Rockstar Games, your Snowflake instances were compromised thanks to Anodot.com. Pay or leak. This is a final warning to reach out by 14 Apr 2026 before we leak, along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”
The hackers didn’t actually crack Snowflake’s security, however. Instead, it’s reported that the group gained access to the data via Anodot, a cloud cost monitoring and analytics software service that Rockstar and other companies use to manage cloud data. It has recently been reported that Anodot has suffered a security breach, possibly providing a path for ShinyHunters to gain access to secure Snowflake data. The method the group used allegedly would have looked legit to Rockstar, meaning the group likely has a lot of data on its hands now.
ShinyHunters hasn’t publicly stated what data or files they have access to and could leak, though it’s believed they don’t have access to passwords or personal player data. Instead, this hack was focused on corporate information and assets, which could include contracts, financial documents, marketing plans, and other data that Rockstar Games would likely not want publicly shared online in a few days.
The ShinyHunters have been around since 2020 and typically go after large companies. Past targets have included Microsoft, Ticketmaster, Cisco, AT&T, and Wattpad. They try to ransom data or sell it. If the group is claiming to have breached Rockstar and stolen data, they likely aren’t bluffing.
In 2022, Rockstar Games suffered an infamous hack that led to a lot of early GTA 6 gameplay footage and assets being leaked online. That hack was pulled off by a teenager who was able to gain access to the company’s Slack chat service. The UK teen was later sentenced to life in a hospital prison and will only be released in the future if doctors decide he’s no longer a danger to others.