- ShinyHunters broke into Anodot and stole Snowflake tokens
- The attack affected more than a dozen Snowflake customers
- The group claims data theft and extortion, echoing the 2024 campaign
A supply chain attack at an analytics company caused more than a dozen Snowflake customers to lose their sensitive data.
The ShinyHunters extortion group recently broke into Anodot, a cloud-based, AI-powered analytics platform that looks for business incidents and anomalies in real time. It helps companies identify sudden drops in sales, cost increases or technical failures before they can significantly impact the organization and its customers.
The hackers managed to find Anodot’s authentication tokens, which allowed them to access Snowflake customer accounts. They even attempted to access Salesforce accounts but were apparently detected and blocked before they could infiltrate.
ShinyHunters claims
Snowflake told BleepingComputer that it detected “unusual activity” that affected a small number of its customers:
“We recently detected unusual activity within a small number of Snowflake customer accounts linked to a specific third-party integration,” Snowflake said.
“We immediately launched an investigation and, out of an abundance of caution, locked potentially affected customer accounts. We also notified potentially affected customers and provided preventive guidance to help them further protect their accounts.”
Snowflake emphasized that its systems were not compromised and that no bugs were exploited.
Shortly after the news broke, ShinyHunters reached out to the publication, claiming responsibility for the attack and saying that data from “dozens of companies” had been stolen. They also confirmed trying to breach Salesforce and failing, and said the attack originated from Anodot. They stated that they have had access to that company’s infrastructure “for some time.”
ShinyHunters love targeting Snowflake customers. In 2024, there was a major extortion and customer data theft campaign, in which hackers used stolen usernames and passwords to log into Snowflake customer environments that did not use multi-factor authentication (MFA). Once inside, they downloaded sensitive data from dozens of enterprise Snowflake instances, including huge data sets from big names like AT&T, Ticketmaster/Live Nation, Santander, Neiman Marcus, and others.
They later tried to extort money from the victims in exchange for deleting the stolen files, and apparently the same thing is happening now.




