Hackers have reportedly stolen information from a minimum of a dozen corporations following a breach at enterprise monitoring software program maker Anodot, leaving its clients uncovered to extortion and vulnerable to having their information printed on-line.
Bleeping Laptop, among the first to report the Anodot breach, and BBC News each reported that the ShinyHunters hacking group was threatening to launch the stolen information if its ransom calls for weren’t met.
The breach is the most recent instance of hackers focusing on software program utilized by company giants in an effort to steal delicate information from a number of corporations in a single go.
Anodot, which helps its company clients detect outages and different points that may have an effect on their potential to make income, mentioned on its status page that the incident started on April 4, when the corporate’s information connectors stopped working, stopping its clients from accessing their cloud-stored information.
In accordance with the stories, the hackers broke into Anodot and stole authentication tokens that its clients use to realize entry to their information within the cloud. Utilizing these tokens, the hackers stole reams of buyer information from the cloud storage.
One cloud storage supplier, Snowflake, reduce off Anodot clients from their cloud information after detecting “uncommon exercise” in some information shops, mentioned Bleeping Laptop.
One of many affected corporations is claimed to be Rockstar Video games, the maker of the Grand Theft Auto and Max Payne video video games, per gaming news outlet Kotaku.
“We will verify {that a} restricted quantity of non-material firm info was accessed in reference to a third-party information breach. This incident has no influence on our group or our gamers,” Rockstar spokesperson Murphy Siegel advised TechCrunch in an emailed assertion.
Rockstar Video games was additionally breached in 2022, when hackers stole and printed an early trailer for the corporate’s upcoming flagship recreation, Grand Theft Auto VI.
Snowflake didn’t reply to TechCrunch’s request for touch upon Monday. Glassbox, which owns Anodot, additionally didn’t reply to a request for remark.
ShinyHunters are a bunch of largely English-speaking hackers identified for stealing information and extorting their victims. The hackers are identified for his or her social engineering abilities, similar to impersonating IT assist desk and assist workers to trick workers at massive corporations into granting them entry to accounts or techniques on the corporate’s community.
The group targets corporations that retailer massive quantities of knowledge in cloud storage. Up to now 12 months, ShinyHunters has centered on corporations like Anodot, Gainsight, and Salesloft, which permit their clients to entry and analyze massive datasets of their cloud storage, in an effort to steal passwords and tokens. In some instances, the stolen information has contained tokens that allowed the hackers to subsequently breach different corporations.
