- ShinyHunters breached Anodot, stealing Snowflake tokens
- Attack hit more than a dozen Snowflake customers
- Group claims data theft and extortion, echoing 2024 campaign
A supply chain attack at an analytics company has resulted in more than a dozen Snowflake customers losing their sensitive information.
The ShinyHunters extortion group recently broke into Anodot, an AI-powered, cloud-based analytics platform that hunts for business incidents and anomalies in real-time, helping businesses identify sudden drops in sales, cost spikes, or technical glitches, before they can significantly impact the organization and its customers.
The hackers managed to find Anodot’s authentication tokens, which allowed them to access customer Snowflake accounts. They even tried to access Salesforce accounts but were apparently detected and blocked before being able to infiltrate.
Article continues below
ShinyHunters lay claim
Snowflake told BleepingComputer it detected “unusual activity” that impacted a small number of its customers:
“We recently detected unusual activity within a small number of Snowflake customer accounts linked to a specific third-party integration,” Snowflake told BleepingComputer.
“We immediately launched an investigation and, out of an abundance of caution, locked down potentially impacted customer accounts. We also notified potentially impacted customers and provided precautionary guidance to help them further protect their accounts.”
Snowflake stressed that its systems were not compromised, and no bugs were leveraged.
Soon after the news broke, ShinyHunters reached out to the publication, claimed the attack, and said they stole data from “dozens of companies”. They also confirmed having tried to breach Salesforce, and failing, and said the attack originated from Anodot. They stated that they’ve had access to that company’s infrastructure “for some time”.
ShinyHunters love targeting Snowflake customers. In 2024, there was a major customer data theft and extortion campaign, in which hackers used stolen usernames and passwords to log into Snowflake customer environments that did not use multi‑factor authentication (MFA). Once inside, they downloaded sensitive data from dozens of companies’ Snowflake instances, including huge datasets from big names like AT&T, Ticketmaster/Live Nation, Santander, Neiman Marcus and others.
They later tried to extort the victims in exchange for deleting the stolen files and apparently, the same is happening now, as well.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/qnjecY32ZZKeRMj3ukM4qS-1813-80.jpg
Source link
