Cyberattack on Anodot exposes multiple companies to extortion threats

Hackers have reportedly obtained data from at least a dozen companies after breaching Anodot, putting its customers at risk of extortion and public exposure.

Both Bleeping Computer, which first reported the breach, and BBC News indicated that the hacking group ShinyHunters is threatening to publish the stolen data unless ransom demands are satisfied.

The incident highlights a growing trend in which attackers target software providers used by large enterprises, enabling them to access sensitive information across multiple organisations through a single breach.

Anodot, a platform that helps businesses monitor outages and detect operational issues that could affect revenue, explained on its status page that the disruption began on April 4. During this time, its data connectors stopped functioning, preventing customers from accessing their cloud-stored data.

Reports suggest that attackers infiltrated Anodot’s systems and extracted authentication tokens used by customers to access their cloud environments. With those tokens, the hackers were able to retrieve significant volumes of customer data directly from cloud storage systems.

One of the cloud providers involved, Snowflake, reportedly blocked Anodot customers from accessing certain data after detecting unusual activity across some of the affected storage environments, according to Bleeping Computer.

Among the companies affected is Rockstar Games, known for titles such as Grand Theft Auto and Max Payne, according to Kotaku.

A spokesperson for Rockstar, Murphy Siegel, stated that only a limited amount of non-critical company information was accessed in the third-party breach, adding that the incident has not affected the company’s operations or its players.

This is not the first time Rockstar Games has been targeted. In 2022, hackers gained access to the company’s systems and leaked early footage of its highly anticipated game, Grand Theft Auto VI.

The ShinyHunters group is known for targeting organisations that handle large volumes of data and often relies on social engineering tactics. These can include impersonating IT support staff to trick employees into granting access to sensitive systems or credentials.

In recent years, the group has increasingly focused on companies like Anodot, Gainsight, and Salesloft. These platforms provide tools for accessing and analysing large datasets stored in the cloud, making them attractive targets. By compromising such services, attackers can obtain credentials or tokens that may later be used to infiltrate additional organisations.

In some cases, the stolen data has included access tokens that allowed attackers to extend their reach and compromise other companies, amplifying the impact of a single breach across multiple victims.