ShinyHunters Breaches Anodot, Compromises Snowflake Customer Data in Supply Chain Attack
The ShinyHunters extortion group has claimed responsibility for a supply chain attack on Anodot, an AI-driven cloud analytics platform, resulting in the theft of authentication tokens for over a dozen Snowflake customer accounts. The breach, detected in mid-2024, mirrors a previous campaign in which the group exploited weak security measures, particularly the lack of multi-factor authentication (MFA), to infiltrate Snowflake environments.
Hackers gained access to Anodot’s infrastructure, extracting tokens that allowed them to compromise Snowflake customer accounts. While they attempted to breach Salesforce accounts as well, their efforts were reportedly blocked. Snowflake confirmed "unusual activity" tied to a third-party integration but emphasized that its core systems remained uncompromised. The company locked down affected accounts and notified impacted customers.
ShinyHunters, known for high-profile data theft and extortion, previously targeted Snowflake customers in early 2024, stealing sensitive data from major corporations, including AT&T, Ticketmaster, and Santander. The group has since resurfaced, claiming to have exfiltrated data from "dozens of companies" via the Anodot breach, and is expected to pursue extortion demands. The incident underscores ongoing risks in third-party integrations and the critical need for robust authentication controls.
Anodot by Glassbox cybersecurity rating report: https://www.rankiteo.com/company/anodot-ai
"id": "ANO1775660105",
"linkid": "anodot-ai",
"type": "Breach",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology, Cloud Analytics',
                        'name': 'Anodot',
                        'type': 'AI-driven cloud analytics platform'},
                       {'customers_affected': 'Over a dozen',
                        'industry': 'Technology, Data Management',
                        'name': 'Snowflake',
                        'type': 'Cloud data warehousing'},
                       {'customers_affected': 'Attempted breach, blocked',
                        'industry': 'Technology, CRM',
                        'name': 'Salesforce',
                        'type': 'Customer relationship management (CRM)'}],
 'attack_vector': 'Third-party integration exploitation, stolen authentication '
                  'tokens',
 'customer_advisories': 'Impacted customers notified',
 'data_breach': {'data_exfiltration': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Authentication tokens, customer '
                                             'account data'},
 'date_detected': '2024-06-01',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Authentication tokens, customer account data',
            'identity_theft_risk': 'High',
            'operational_impact': 'Account lockdowns, third-party integration '
                                  'disruptions',
            'systems_affected': 'Snowflake customer accounts, Anodot '
                                'infrastructure'},
 'initial_access_broker': {'entry_point': 'Anodot infrastructure',
                           'high_value_targets': 'Snowflake customer accounts'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Critical need for robust authentication controls (MFA) in '
                    'third-party integrations, ongoing risks in supply chain '
                    'security.',
 'motivation': 'Extortion, data theft',
 'post_incident_analysis': {'corrective_actions': 'Enhanced MFA enforcement, '
                                                  'account lockdowns, '
                                                  'third-party integration '
                                                  'security reviews',
                            'root_causes': 'Lack of MFA in third-party '
                                           'integrations, weak authentication '
                                           'token security'},
 'ransomware': {'data_exfiltration': 'Yes'},
 'recommendations': 'Implement multi-factor authentication (MFA) for all '
                    'third-party integrations, enhance monitoring of '
                    'authentication tokens, conduct regular security audits of '
                    'supply chain partners.',
 'response': {'communication_strategy': 'Customer notifications',
              'containment_measures': 'Account lockdowns, third-party '
                                      'integration review',
              'remediation_measures': 'Enhanced authentication controls (MFA)'},
 'threat_actor': 'ShinyHunters',
 'title': 'ShinyHunters Breaches Anodot, Compromises Snowflake Customer Data '
          'in Supply Chain Attack',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Lack of multi-factor authentication (MFA)'}