Data Theft Attacks on Snowflake Customers After SaaS Provider Breach

Data Theft Attacks on Snowflake Customers After SaaS Provider Breach

First seen 8 Apr 2026, 17:16 UTC BleepingcomputerScworldInklTechcrunchcloud.google.com 84% similarity 64.5

Article Content

Browse articles
ThreatCluster

A breach at a SaaS integration provider has led to data theft attacks affecting over a dozen companies, primarily targeting Snowflake's cloud-based data warehouse platform. The attackers exploited stolen authentication tokens, which were compromised during a security incident at Anodot, a data anomaly detection company. Snowflake confirmed unusual activity impacting a small number of customer accounts but stated that its systems were not directly compromised. The ShinyHunters extortion gang has claimed responsibility for the attacks and is demanding ransom payments to prevent the release of stolen data. Attempts to steal data from Salesforce using the stolen tokens were thwarted by AI detection systems. Snowflake has locked down potentially impacted accounts and is investigating the incident. The situation is ongoing, with multiple companies reportedly affected but only one, Payoneer, confirming they were not impacted.

Key Points: • Over a dozen companies, primarily Snowflake customers, were affected by data theft attacks. • Stolen authentication tokens from a breach at Anodot were used in the attacks. • The ShinyHunters gang is demanding ransom payments to prevent data release.

ThreatCluster AI

Timeline

2026-04-07
BleepingComputer reports on data theft attacks linked to Anodot breach.
2026-04-08
Scworld publishes summary of the ongoing data theft incident.

Community

Browse all →