Hackers have reportedly stolen knowledge from not less than a dozen corporations following a breach at enterprise monitoring software program maker Anodot, leaving its clients uncovered to extortion and prone to having their knowledge printed on-line.
Bleeping Laptop, among the many first to report the Anodot breach, and BBC Information each reported that the ShinyHunters hacking group was threatening to launch the stolen knowledge if its ransom calls for weren’t met.
The breach is the most recent instance of hackers concentrating on software program utilized by company giants in an effort to steal delicate knowledge from a number of corporations in a single go.
Anodot, which helps its company clients detect outages and different points which may have an effect on their capacity to make income, mentioned on its standing web page that the incident started on April 4, when the corporate’s knowledge connectors stopped working, stopping its clients from accessing their cloud-stored knowledge.
In keeping with the reviews, the hackers broke into Anodot and stole authentication tokens that its clients use to achieve entry to their knowledge within the cloud. Utilizing these tokens, the hackers stole reams of buyer knowledge from the cloud storage.
One cloud storage supplier, Snowflake, lower off Anodot clients from their cloud knowledge after detecting “uncommon exercise” in some knowledge shops, mentioned Bleeping Laptop.
One of many affected corporations is alleged to be Rockstar Video games, the maker of the Grand Theft Auto and Max Payne video video games, per gaming information outlet Kotaku.
“We are able to affirm {that a} restricted quantity of non-material firm info was accessed in reference to a third-party data breach. This incident has no impression on our group or our gamers,” Rockstar spokesperson Murphy Siegel advised information.killnetswitch in an emailed assertion.
Rockstar Video games was additionally breached in 2022, when hackers stole and printed an early trailer for the corporate’s upcoming flagship sport, Grand Theft Auto VI.
Snowflake didn’t reply to information.killnetswitch’s request for touch upon Monday. Glassbox, which owns Anodot, additionally didn’t reply to a request for remark.
ShinyHunters are a gaggle of largely English-speaking hackers recognized for stealing knowledge and extorting their victims. The hackers are recognized for his or her social engineering abilities, similar to impersonating IT assist desk and help employees to trick workers at giant corporations into granting them entry to accounts or techniques on the corporate’s community.
The group targets corporations that retailer giant quantities of knowledge in cloud storage. Previously 12 months, ShinyHunters has centered on corporations like Anodot, Gainsight, and Salesloft, which permit their clients to entry and analyze giant datasets of their cloud storage, in an effort to steal passwords and tokens. In some circumstances, the stolen knowledge has contained tokens that allowed the hackers to subsequently breach different corporations.
