Hackers have reportedly stolen data from at least a dozen companies following a breach at business monitoring software maker Anodot, leaving its customers vulnerable to blackmail and the risk of their data being published online.
Bleeping Calculator, among the first mentioned the violation of Anodot, and BBC News Both reported that the ShinyHunters hacker group threatened to release the stolen data publicly if their ransom demands were not met.
The breach is the latest example of hackers targeting software used by corporate giants in an attempt to steal sensitive data from multiple companies in one go.
Anodot, which helps its enterprise customers identify outages and other issues that may affect their ability to generate revenue, said on its status page that the incident began on April 4, when the company’s data links stopped working, preventing its customers from accessing their cloud-stored data.
According to reports, hackers broke into Anodot and stole authentication tokens that its customers use to access their cloud data. Using these tokens, hackers stole reams of customer data from cloud storage.
A cloud storage provider, Snowflake, cut off Anodot customers from their cloud data after detecting “unusual activity” in some data stores, Bleeping Computer said.
One of the affected companies is said to be Rockstar Games, maker of the Grand Theft Auto and Max Payne video games, per gaming news outlet Kotaku.
“We can confirm that a limited amount of non-essential company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players,” Rockstar spokesperson Murphy Siegel said in a statement sent to TechCrunch.
Rockstar Games was also hacked in 2022, when hackers stole and posted an early trailer for the company’s upcoming flagship game, Grand Theft Auto VI.
Snowflake did not respond to TechCrunch’s request for comment on Monday. Glassbox, which owns Anodot, also did not respond to a request for comment.
ShinyHunters are a group of mostly English-speaking hackers known for stealing data and blackmailing their victims. Hackers are known for their social engineering skills, such as impersonating IT help desk and support staff to trick employees of large companies into granting them access to accounts or systems on the company’s network.
The group targets companies that store large amounts of data in cloud storage. Over the past year, ShinyHunters has focused on companies such as Anodot, Gainsight, and Salesloft, which allow their customers to access and analyze large data sets in their cloud storage in an attempt to steal passwords and tokens. In some cases, the stolen data contained tokens that allowed the hackers to subsequently breach other companies.
