Cloud data platform Snowflake has been targeted in a data theft attack stemming from a security vulnerability at Anodot, a third-party SaaS integration provider. Hackers successfully compromised several Snowflake customer accounts by stealing authentication tokens.
A Snowflake spokesperson confirmed the incident to BleepingComputer, stating that the company detected "unauthorized activity in a limited number of customer accounts" and has taken immediate action to secure those accounts. Snowflake emphasized that the breach did not originate from a vulnerability in its own systems, but rather from a failure within the third-party integration process.
Ransomware Group ShinyHunters Claims Responsibility
According to sources familiar with the matter, the attack originated from a security lapse at Anodot, an AI-driven analytics firm specializing in real-time anomaly detection that was acquired by Glassbox in November 2025. The notorious hacking group ShinyHunters has publicly claimed responsibility for the campaign, demanding ransoms from several victimized companies and threatening to leak stolen data if their demands are not met.
ShinyHunters confirmed to media outlets that they also attempted to use the stolen tokens to breach Salesforce, but the attempt was thwarted by AI-powered security protocols. The breach has had a wide-reaching impact, affecting dozens of enterprises over the past few days.
The full list of affected companies has yet to be disclosed. Payment processor Payoneer issued a statement acknowledging the Anodot security incident but confirmed that internal investigations showed the company remained unaffected.
Google’s Threat Intelligence Group confirmed it is closely monitoring the data breach. As of now, neither Anodot nor its parent company, Glassbox, have responded to multiple requests for comment. Snowflake has issued proactive security guidance to affected customers, urging them to bolster their account protection measures.
