A breach at a SaaS integration provider exposed authentication tokens that were used in data theft attacks against more than a dozen companies. Most attacks targeted Snowflake customer accounts. The ShinyHunters extortion group claims responsibility and is demanding ransoms after allegedly exploiting an Anodot incident. #Snowflake #ShinyHunters
Key points
- A SaaS integrator breach exposed authentication tokens used to access customer cloud services.
- The majority of observed data theft attempts targeted Snowflake customer accounts.
- Snowflake detected unusual activity, locked potentially impacted accounts, and stated its systems were not compromised.
- The ShinyHunters extortion group claims responsibility and alleges the incident stems from an Anodot security breach.
- Attackers attempted to access Salesforce data but were blocked by AI detection, and Google Threat Intelligence is tracking the campaign.