Snowflake customers suffer data theft attacks after third-party issue, company confirms 'unusual activity'

The extortion group ShinyHunters breached the analytics platform Anodot to steal authentication tokens, subsequently compromising the Snowflake accounts of more than a dozen corporate customers in a supply-chain attack.

Key Points

  • The ShinyHunters group gained unauthorized access to Anodot’s infrastructure to harvest authentication tokens.
  • Hackers used the stolen tokens to infiltrate the Snowflake environments of over a dozen organizations.
  • Snowflake confirmed the breach was linked to a third-party integration and stated its own core systems remained secure.
  • The attackers attempted to breach Salesforce accounts but were detected and blocked before gaining access.
  • This incident follows a broader 2024 campaign in which ShinyHunters targeted Snowflake customers to extort major companies such as AT&T and Ticketmaster.

Why it Matters

This breach highlights the significant security risks posed by third-party integrations in cloud-based supply chains. Organizations must prioritize rigorous access management and monitoring for all connected services to prevent attackers from leveraging one platform to compromise sensitive data across multiple enterprise environments.
TechRadar, published by Sead Fadilpašić