- ShinyHunters breached Anodot and stole Snowflake tokens
- Attack affected more than a dozen Snowflake customers
- The group claims data theft and extortion, echoing the 2024 campaign
A supply chain attack on a research firm has resulted in more than a dozen Snowflake customers losing their sensitive information.
The ShinyHunters extortion group recently breached Anodot, an AI-powered, cloud-based analytics platform that hunts down business events and anomalies in real-time, helping companies identify sudden drops in sales, cost increases or technical failures before they can significantly impact the organization and its customers.
The hackers managed to find Anodot’s authentication tokens, which gave them access to its customers’ Snowflake accounts. They even tried to access Salesforce accounts, but were apparently detected and blocked before they could infiltrate.
ShinyHunters claim
Snowflake told Bleeping Computer it detected “unusual activity” affecting a small number of its customers:
“We recently discovered unusual activity within a small number of Snowflake customer accounts linked to a specific third-party integration,” Snowflake told Bleeping Computer.
“We immediately launched an investigation and, out of an abundance of caution, locked down potentially affected customer accounts. We also notified potentially affected customers and provided precautionary guidance to help them further protect their accounts.”
Snowflake emphasized that its systems were not compromised and no bugs were exploited.
Shortly after the news broke, ShinyHunters reached out to the publication, claiming responsibility for the attack and saying they stole data from “dozens of companies.” They also confirmed that they tried to breach Salesforce and failed, saying the attack originated from Anodot. They stated that they have had access to the company’s infrastructure “for some time”.
ShinyHunters love to target Snowflake customers. In 2024, there was a major customer data theft and extortion campaign in which hackers used stolen usernames and passwords to log into Snowflake customer environments that did not use multi-factor authentication (MFA). Once inside, they downloaded sensitive data from dozens of companies’ Snowflake instances, including huge datasets from big names like AT&T, Ticketmaster/Live Nation, Santander, Neiman Marcus and others.
They later tried to blackmail the victims in exchange for deleting the stolen files, and the same is apparently happening now.



