Major Breach at Business Software Firm Anodot Exposes Dozens of Client Companies to Extortion
Hackers have stolen sensitive data from at least a dozen separate organizations following a successful breach of business monitoring software developer Anodot, putting all affected customers at risk of both extortion and public exposure of their stolen private information, multiple industry outlets have confirmed.
Bleeping Computer, one of the first tech outlets to break news of the Anodot breach, and BBC News have both tied the attack to the notorious hacking group ShinyHunters. The group has issued explicit threats to publish all stolen data online if their ransom demands are not met.
This incident is just the latest example of a fast-growing hacker tactic: targeting third-party software relied on by major corporations, allowing threat actors to compromise dozens of separate organizations in a single coordinated attack.
Anodot builds tools that help corporate clients spot service outages and other operational issues that could cut into revenue. In an update posted to its public status page, the firm confirmed the incident was first flagged on April 4, when the company’s customer data connectors suddenly stopped working, blocking clients from accessing their own cloud-hosted data.
Per multiple reports, the attackers first gained access to Anodot’s internal systems, then stole authentication tokens that Anodot clients use to access their own cloud-based data repositories. Using these stolen valid tokens, the hackers were able to pull massive volumes of sensitive customer data directly from third-party cloud storage systems.
Leading cloud storage provider Snowflake moved quickly to restrict Anodot clients’ access to their cloud repositories after detecting “unusual activity” across a subset of affected data stores, Bleeping Computer reported.
One of the highest-profile companies impacted by the supply chain attack is Rockstar Games, the developer behind the blockbuster Grand Theft Auto and Max Payne video game franchises, according to gaming publication Kotaku.
Rockstar spokesperson Murphy Siegel confirmed the incident to TechCrunch in an emailed statement, saying: “We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”
This is not Rockstar’s first major run-in with hacking groups: the studio suffered a high-profile breach in 2022, when attackers stole and leaked early development footage of its highly anticipated upcoming flagship title, Grand Theft Auto VI.
As of Monday, Snowflake had not responded to TechCrunch’s request for comment on the breach. Glassbox, the parent company that owns Anodot, also declined to respond to requests for comment on the incident.
ShinyHunters is a well-documented hacking group made up mostly of English-speaking threat actors, best known for targeting large companies to steal data and extort ransoms from victims. The group is infamous for its sophisticated social engineering tactics, which often involve impersonating IT helpdesk and support staff to trick employees at large corporations into granting access to internal company accounts and network systems.
The group typically focuses on organizations that store massive volumes of customer and business data in cloud repositories. Over the past year, ShinyHunters has zeroed in on B2B service providers like Anodot, Gainsight, and Salesloft — all of which let their own clients access and analyze large datasets hosted in third-party cloud storage. By stealing credentials and authentication tokens from these middleman providers, the group can then breach dozens of downstream client companies. In multiple past incidents, stolen tokens from these B2B attacks have allowed ShinyHunters to successfully gain access to systems at separate third-party organizations.