- ShinyHunters breached Anodot and stole Snowflake tokens
- Attack affected more than a dozen Snowflake customers
- Group claims data theft and extortion, echoing 2024 campaign
A supply-chain attack through an analytics company caused more than a dozen Snowflake customers to lose sensitive information.
Extortion group ShinyHunters recently broke into Anodot, an AI-powered cloud analytics platform that scans for business incidents and anomalies in real time. The platform helps businesses identify sudden sales drops, cost increases, or technical issues before they can have a significant impact on the organization and its customers.
The hackers managed to find Anodot authentication tokens, which allowed them to access Snowflake customer accounts. They even attempted to access Salesforce accounts but were apparently detected and blocked before they could infiltrate.
ShinyHunters claims
Snowflake told BeepComputer it detected “unusual activity” that impacted a small number of its customers:
“We recently detected unusual activity within a small number of Snowflake customer accounts related to a specific third-party integration,” Snowflake told BeepComputer.
“We immediately launched an investigation and, out of an abundance of caution, locked potentially affected customer accounts. We also notified potentially affected customers and provided them with precautionary guidance to help them better protect their accounts.”
Snowflake stressed that its systems were not compromised and that no bugs had been exploited.
Shortly after the news broke, ShinyHunters contacted the publication, claimed responsibility for the attack and said it had stolen data from “dozens of companies.” They also confirmed that they attempted to hack Salesforce, unsuccessfully, and said the attack came from Anodot. They said they had access to this company’s infrastructure “for some time.”
ShinyHunters loves targeting Snowflake customers. In 2024, there was a major customer data theft and extortion campaign, in which hackers used stolen usernames and passwords to log into Snowflake customer environments that did not use multi-factor authentication (MFA). Once inside, they downloaded sensitive data from dozens of companies’ Snowflake instances, including huge data sets from big names like AT&T, Ticketmaster/Live Nation, Santander, Neiman Marcus and others.
They then tried to extort the victims in exchange for deleting the stolen files, and apparently the same thing is happening now.