Skip to main content
Emerging ThreatsData Breaches

Atlas Menu Hack Exposes 64,000 User Records

Gaming setup with computer and monitor on a desk, cityscape blurred in background.

A database containing 64,000 user records was published to GitHub after an attacker said they had compromised all Atlas systems and alleged the cheat service was taking screenshots of users' machines.

Atlas Menu: a GTA cheat service named in the breach

The incident centers on Atlas Menu, identified in reporting as a cheat service used in Grand Theft Auto. The public claim from an attacker ties the incident directly to Atlas Menu's systems, asserting a complete compromise of the service's infrastructure.

Attacker alleges screenshot spying and full compromise

According to the published account, the individual or group behind the release made two linked claims: that Atlas Menu's systems had been fully compromised and that the service was engaged in screenshot spying. Those allegations are the basis for the public disclosure of the database mentioned above. The report does not provide additional verification of the screenshot claim beyond the attacker's statement.

Database of 64,000 user records published to GitHub

The attacker published a database containing 64,000 user records to GitHub. The publication itself is the clearest, verifiable element described: a dataset tied to the Atlas Menu claim was made publicly available on that hosting platform. The record count — 64,000 — is the specific figure cited in the reporting.

What this means for Atlas Menu users, GitHub, and cheat service operators

  • Atlas Menu users: The publication of a dataset tied to the service and the attacker's claim of a full compromise are facts users must weigh. The presence of 64,000 user records in a publicly posted database means individuals linked to Atlas Menu should assume their service-related data has been exposed unless told otherwise by the service itself.
  • GitHub: The platform hosted the published dataset according to the report. That hosting is an observable fact in this incident: GitHub contained the public copy of the database at the time the story was reported.
  • Cheat service operators and similar vendors: The attacker’s dual claims — of system compromise and of active screenshot collection — underscore the reputational and operational risks associated with running third-party-modifying software or services. The publication of a large user dataset amplifies those risks by creating a visible, shareable artifact.

Evidence, claims, and open verification

The public record in this case is a mixture of observable material and declarative claims. The observable element is the GitHub posting of a database of 64,000 user records. The declarative elements are the attacker's statements that all Atlas systems were compromised and that Atlas Menu engaged in screenshot spying. The two categories are not the same: one is a published dataset; the others are allegations attached to that publication.

Conclusion: a compact incident with a clear public footprint and lingering questions

The episode is concise in the facts it presents: a database of 64,000 user records appeared on GitHub, and an attacker claimed both a total compromise of Atlas Menu systems and active screenshot spying. Those facts create a clear public footprint — a posted dataset and explicit allegations — while leaving verification and motive unresolved in the material provided. Who will validate the scope of the compromise and the truth of the screenshot allegation remains unanswered in the reporting. The published dataset and the attacker's statements are the elements now on the record.

Original story: https://www.theregister.com/security/2026/06/01/gta-cheat-service-atlas-menu-hacked-as-attacker-alleges-screenshot-spying/5249192