Hack at Anodot leaves over a dozen breached companies facing extortion

Hackers person reportedly stolen information from astatine slightest a twelve companies pursuing a breach astatine concern monitoring bundle shaper Anodot, leaving its customers exposed to extortion and astatine hazard of having their information published online.

Bleeping Computer, among the archetypal to report the Anodot breach, and BBC News some reported that the ShinyHunters hacking radical was threatening to merchandise the stolen information if its ransom demands were not met.

The breach is the latest illustration of hackers targeting bundle utilized by firm giants successful an effort to bargain delicate information from aggregate companies successful 1 go. 

Anodot, which helps its firm customers observe outages and different issues that mightiness impact their quality to marque revenue, said on its presumption page that the incidental began connected April 4, erstwhile the company’s information connectors stopped working, preventing its customers from accessing their cloud-stored data.

According to the reports, the hackers broke into Anodot and stole authentication tokens that its customers usage to summation entree to their information successful the cloud. Using those tokens, the hackers stole reams of lawsuit information from the unreality storage. 

One unreality retention provider, Snowflake, chopped disconnected Anodot customers from their unreality information aft detecting “unusual activity” successful immoderate information stores, said Bleeping Computer.

One of the affected companies is said to beryllium Rockstar Games, the shaper of the Grand Theft Auto and Max Payne video games, per gaming quality outlet Kotaku.

“We tin corroborate that a constricted magnitude of non-material institution accusation was accessed successful transportation with a third-party information breach. This incidental has nary interaction connected our enactment oregon our players,” Rockstar spokesperson Murphy Siegel told TechCrunch successful an emailed statement.

Rockstar Games was besides breached successful 2022, erstwhile hackers stole and published an aboriginal trailer for the company’s upcoming flagship game, Grand Theft Auto VI.

Snowflake did not respond to TechCrunch’s petition for remark connected Monday. Glassbox, which owns Anodot, besides did not respond to a petition for comment. 

ShinyHunters are a radical of mostly English-speaking hackers known for stealing information and extorting their victims. The hackers are known for their societal engineering skills, specified arsenic impersonating IT assistance table and enactment unit to instrumentality employees astatine ample companies into granting them entree to accounts oregon systems connected the company’s network.

The radical targets companies that store ample amounts of information successful unreality storage. In the past year, ShinyHunters has focused connected companies similar Anodot, Gainsight and Salesloft, which let their customers to entree and analyse ample datasets successful their unreality storage, successful an effort to bargain passwords and tokens. In immoderate cases, the stolen information has contained tokens that allowed the hackers to subsequently breach different companies.