Jun 03, 2026 · 6 min read

Atlas Menu Cheat Service Leaked 64K GTA V Users

Atlas Menu, a paid cheating service for Grand Theft Auto V and Counter-Strike 2 that advertises "secure authentication," "privacy protections," and "advanced encryption" on its own homepage, had the contents of those promises dumped onto a public GitHub repository on June 2, 2026. About 64,000 user accounts, complete with email addresses, usernames, IP addresses, bcrypt password hashes, and the full support ticket history, were added to Have I Been Pwned the same day.

The person who published the data left a note. They described the dump as "retaliation against an alleged scammer" and claimed they had "compromised all Atlas systems." Whatever the motive, the practical outcome is identical: 64,000 people who paid to evade detection inside a game are now indexed in a public breach database under their real email addresses.

Key Takeaways

  • Atlas Menu, a GTA V and Counter-Strike 2 cheat service, was breached on or before June 2, 2026, with 64,000 user accounts dumped to a public GitHub repository and indexed in Have I Been Pwned the same day.
  • The leaked records include email addresses, usernames, IP addresses, bcrypt-hashed passwords, and complete support ticket history including questions users sent to staff.
  • The unnamed attacker described the operation as "retaliation against an alleged scammer" and claimed they had "compromised all Atlas systems," with the dump posted publicly rather than sold.
  • Atlas Menu's own marketing copy promises "secure authentication," "privacy protections," and "advanced encryption," none of which prevented the entire user database from being published on GitHub.

What Is Atlas Menu and Why Do People Buy It?

Atlas Menu is a subscription cheat service that sells modified game clients and aim assistance tooling for two of the most heavily moderated online games on the market: Rockstar Games' Grand Theft Auto V and Valve's Counter-Strike 2. The service charges a monthly fee, accepts cryptocurrency, and tries to differentiate itself from the dozens of competing cheat shops by claiming a higher security bar. Its homepage uses the same vocabulary a SaaS product would: secure authentication, encrypted storage of customer data, privacy protections by default.

According to Help Net Security, every one of those security claims is now contradicted by a public GitHub repository. The repository contains the same support tickets the marketing copy was supposed to protect, plus the email and IP address of every paying user.

What Data Was Exposed?

The dump indexed by Have I Been Pwned contains, for each of the roughly 64,000 affected accounts:

  • Email address used to register, which is also the unique identifier across the customer base.
  • Username displayed inside the Atlas Menu client.
  • IP address at the time of registration or last login, which is enough to geolocate users to a city or known VPN exit node.
  • Bcrypt-hashed password, the one defensive choice that survived the dump. Bcrypt is slow enough that mass cracking is unattractive, though weak passwords will still fall.
  • Complete support ticket history, including the messages users sent to Atlas staff when something went wrong with the cheat.

The support tickets are the part most users probably did not anticipate. Anyone who emailed the service from a personal account, asked a question that referenced their gamertag, or cited a game ban they were trying to evade is now associated with that question in a publicly searchable database. For paying customers who used a non-disposable email, the link between real identity and cheating activity is now external.

Who Did It and Why?

The attacker did not name themselves, did not extort the operator, and did not try to sell the data. They simply published it. The note attached to the dump describes the action as "retaliation against an alleged scammer" and claims complete compromise of the Atlas infrastructure. That framing fits the established pattern inside cheating communities: rivalries between cheat developers periodically spill into public dumps, with one operator publishing another's customer list as commercial sabotage.

There is precedent. Just weeks ago, Rockstar Games itself suffered a separate breach claimed by ShinyHunters, which we wrote up in the Vimeo / Anodot 119K emails dump alongside the rest of the Anodot pipeline incidents. Reddit threads from longtime Atlas users also note this may not be the first incident, although no earlier breach has been publicly verified.

Why Should Anyone Outside the Cheating Scene Care?

Two reasons. First, the Atlas customer list is a high-quality target list for follow-up attacks. People who paid for an evasion product have already demonstrated willingness to engage with risky software. A phishing email referencing their cheat subscription, their support ticket, or a fake game ban appeal can be written from the dump in an hour and will convert at high rates inside that audience.

Second, the pattern is broader than gaming. Any service that markets "encrypted" or "secure" handling of user data and ships without basic operational defences sets up the same outcome. The Atlas Menu homepage looks indistinguishable from any small SaaS landing page; the substance behind the claims was a public GitHub repository waiting to leak.

What Affected Users and Adjacent Targets Should Do

If you were ever a paying Atlas Menu user, or you used the same email and password elsewhere, the playbook is mechanical:

  1. Search Have I Been Pwned for the email you used. If Atlas Menu appears, treat that password as public.
  2. Rotate the password everywhere it was reused. Bcrypt slows attackers; it does not stop them. The same string applied across multiple services is the actual risk.
  3. Disable automatic login on game launchers tied to that email. Anyone targeting the dump will start with the obvious adjacencies, primarily Steam and Rockstar accounts.
  4. Expect phishing within 48 hours. A campaign claiming to be Atlas support, Steam moderation, or Rockstar's anti-cheat team is the most likely follow-up. Treat any message in your inbox referencing the breach as hostile unless verified out of band.
  5. Burn the email if it is a real one. If the registration email was your primary inbox, set up filters and aliases now. The dump is permanent; the address tied to it is going to receive scams for years.
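
Step 4 can be turned into a mailbox triage rule. The sketch below is an added example, not part of the original article: the trusted-domain table, the lure keywords and the three sample messages are constructed assumptions that you should replace with values you have verified yourself.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains verified out of band for each brand. Atlas gets
# none, because the attacker claims control of all Atlas systems.
TRUSTED = {"steam": {"steampowered.com"}, "rockstar": {"rockstargames.com"}, "atlas": set()}
LURES = ("breach", "ban appeal", "support ticket", "subscription", "anti-cheat")

def _in_domains(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def triage(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    # The address itself is left out so a domain cannot vouch for its own brand.
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    brands = [b for b in TRUSTED if b in text]
    lures = [l for l in LURES if l in text]
    if not brands and not lures:
        return "unrelated", []
    reasons = [f"mentions {b}, sender domain {domain!r} not trusted"
               for b in brands if not _in_domains(domain, TRUSTED[b])]
    # Only meaningful when this header was added by your own receiving server.
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        reasons.append("no DMARC pass recorded by receiving server")
    if reasons:
        return "hostile", reasons
    # Clean sender plus breach wording still needs out-of-band confirmation.
    return ("verify" if lures else "unrelated"), []

# Constructed sample messages (not taken from the dump).
SAMPLES = {
    "fake_appeal": 'From: "Steam Moderation" <appeals@steam-moderation.example>\n'
                   "Authentication-Results: mx.example; dmarc=fail\n"
                   "Subject: Your ban appeal after the Atlas breach\n\n"
                   "Log in to confirm your account.\n",
    "receipt": 'From: "Steam Support" <noreply@steampowered.com>\n'
               "Authentication-Results: mx.example; dmarc=pass\n"
               "Subject: Your purchase receipt\n\nThank you for your purchase.\n",
    "notice": 'From: "Rockstar Games" <noreply@rockstargames.com>\n'
              "Authentication-Results: mx.example; dmarc=pass\n"
              "Subject: Security notice about a recent breach\n\n"
              "Review your account from the launcher, not from links in email.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

A "verify" verdict means the sender checks passed but the message still uses breach wording, so it should be confirmed through the vendor's own site or launcher rather than through any link it carries.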

The Lesson for Anyone Trusting a "Secure" Tagline

Atlas Menu's customers were sold a privacy promise. They received a public database. That is a long-running pattern across small operators that put security copy on the marketing page without funding the engineering behind it. The defensive position for users is to stop treating the homepage as evidence and start assuming, for any niche service, that the database will end up public at some point. The good operators audit the assumption out of being true. The rest discover the assumption when their customers do.