Hackers reportedly stole data from at least a dozen companies following a breach of business monitoring software maker Anodot, leaving customers at risk of extortion and having their data published online.
Bleeping Computer and BBC News, which first reported the Anodot breach, both reported that the ShinyHunters hacking group was threatening to release stolen data if ransom demands were not met.
The breach is the latest example of hackers targeting software used by large corporations in an attempt to steal sensitive data from multiple companies at once.
Anodot, which helps business customers detect outages and other issues that can impact their ability to earn money, said on its status page that the incident began on April 4 when its data connector stopped working and customers were unable to access data stored in the cloud.
Hackers reportedly broke into Anodot and stole authentication tokens used by customers to access data in the cloud. Hackers used these tokens to steal large amounts of customer data from cloud storage.
Snowflake, one of the cloud storage providers, has cut off Anodot customers from their cloud data after detecting “anomalous activity” on some of its data stores, Bleeping Computer said.
According to gaming news outlet Kotaku, one of the affected companies is said to be Rockstar Games, the maker of video games “Grand Theft Auto” and “Max Payne.”
“We can confirm that a limited amount of non-critical company information was accessed in connection with a third-party data breach. This incident does not affect our organization or our players,” Rockstar spokesperson Murphy Siegel told TechCrunch in an emailed statement.
Rockstar Games was also compromised in 2022, when hackers stole and released an early trailer for the company’s upcoming flagship game, Grand Theft Auto VI.
Snowflake did not respond to TechCrunch’s request for comment on Monday. Glassbox, which owns Anodot, also did not respond to a request for comment.
ShinyHunters is a group of primarily English-speaking hackers known for stealing data and extorting victims. The hacker is known for his social engineering skills, including impersonating IT help desk and support staff to trick employees of large companies into granting him access to accounts and systems on the company’s network.
This group targets companies that store large amounts of data in cloud storage. Over the past year, ShinyHunters has focused on companies such as Anodot, Gainsight, and Salesloft that allow customers to access and analyze large datasets in cloud storage for the purpose of stealing passwords and tokens. In some cases, the stolen data included tokens that allowed hackers to subsequently infiltrate other companies.
Source link
