Data Theft Attacks on Snowflake Customers After SaaS Provider Breach
Severity: High (Score: 64.5)
Sources: Scworld, Bleepingcomputer
Summary
A breach at a SaaS integration provider has led to data theft attacks affecting over a dozen companies, primarily targeting Snowflake's cloud-based data warehouse platform. The attackers exploited stolen authentication tokens, which were compromised during a security incident at Anodot, a data anomaly detection company. Snowflake confirmed unusual activity impacting a small number of customer accounts but stated that its systems were not directly compromised. The ShinyHunters extortion gang has claimed responsibility for the attacks and is demanding ransom payments to prevent the release of stolen data. Attempts to steal data from Salesforce using the stolen tokens were thwarted by AI detection systems. Snowflake has locked down potentially impacted accounts and is investigating the incident. The situation is ongoing: multiple companies are reportedly affected, and so far only one, Payoneer, has confirmed that it was not impacted.
Key Points:
- Over a dozen companies, primarily Snowflake customers, were affected by data theft attacks.
- Stolen authentication tokens from a breach at Anodot were used in the attacks.
- The ShinyHunters gang is demanding ransom payments to prevent data release.
Key Entities
- Data Breach (attack_type)
- Anodot (company)
- Salesforce (company)
- Snowflake (company)
- T1078 - Valid Accounts (mitre_attack)