Multiple organizations have fallen victim to a wave of data theft attacks after a breach at a third-party SaaS integration provider led to the theft of authentication tokens. The attacks primarily targeted customers of Snowflake, a widely used cloud data platform.
According to reports, threat actors used the stolen tokens to gain unauthorized access to customer environments, enabling them to extract sensitive data. Snowflake confirmed that it detected unusual activity affecting a limited number of customer accounts linked to a specific third-party integration.
The company emphasized that its own systems were not compromised. Instead, the breach originated externally, highlighting the growing risks associated with third-party integrations in cloud ecosystems. Snowflake responded quickly by securing affected accounts, launching an investigation, and notifying impacted customers with guidance on strengthening their defenses.
Sources indicate that the incident may be linked to a breach involving Anodot, a data analytics firm known for its anomaly detection capabilities. However, the company has not officially confirmed the breach.
The attacks have been attributed to the cybercriminal group ShinyHunters, which has reportedly stolen data from multiple organizations and is now attempting to extort victims by threatening to release the stolen information.
In addition to targeting Snowflake customers, the attackers also attempted to access data from Salesforce. However, these attempts were reportedly blocked before any data could be exfiltrated.
Cybersecurity experts note that this incident reflects a broader trend of supply chain attacks, where threat actors exploit trusted third-party services to infiltrate multiple organizations simultaneously. The use of stolen authentication tokens allows attackers to bypass traditional security controls, making detection more difficult.
Google’s Threat Intelligence Group has confirmed that it is actively tracking the campaign, though further details remain limited.
The incident serves as a stark reminder for organizations to closely monitor third-party integrations, enforce stricter access controls, and implement robust token management practices to reduce exposure.




