Token-based cyberattack linked to Anodot incident sparks wider SaaS security concerns

Suspected breach linked to Anodot raises concerns over Snowflake data platform security

In a development that has raised fresh cybersecurity concerns, a suspected breach involving Anodot is being linked to a series of attacks targeting users of the Snowflake platform. Hackers are believed to have used stolen authentication tokens to access sensitive data across multiple organisations.

Reports indicate that more than 12 companies experienced data theft after attackers obtained authentication tokens from a compromised SaaS integration provider, reportedly connected to Anodot. The activity has largely focused on Snowflake environments, drawing comparisons with a previous breach campaign involving the same platform.

Anodot stated that it detected unusual activity affecting a limited number of customer accounts linked to a specific third-party integration. The company clarified that its own systems were not directly compromised, affected accounts have been secured, and customers have been informed.

While Snowflake has not confirmed the identity of the third-party partner involved, multiple reports have pointed to a possible security incident related to Anodot. Social media posts have also claimed that the company itself was breached, though there is no official confirmation.

The situation highlights risks associated with SaaS integrations, where exposed credentials or tokens can create entry points into enterprise systems. This has increased focus on securing third-party integrations within corporate environments.

The attacks are being linked to the ShinyHunters group, which has claimed responsibility for stealing data from dozens of companies in a coordinated campaign. The incidents reportedly took place during a bank holiday period across several countries, coinciding with Easter and Passover, which may have delayed detection.

There were also attempts to access data from Salesforce using the same stolen tokens, but these were blocked. Google’s Threat Intelligence Group said it is aware of the situation and continues to monitor developments without sharing further details.

Anodot’s customers include companies such as Puma, SAP, T-Mobile and UPS. Another client, Payoneer, said it was aware of the issue but had not been impacted. The company had earlier reported a service disruption in early April involving data collectors linked to Snowflake, which may have affected visibility into customer systems at the time.
