SaaS Integrator Breach Fuels Snowflake Data Theft Spree
Cyber Threat Intelligence is reporting that over a dozen companies have fallen victim to data theft attacks following a breach at a SaaS integration provider. The attackers reportedly made off with stolen authentication tokens, which were then used to target various cloud storage and SaaS vendors. The primary target, according to Cyber Threat Intelligence, was Snowflake, the cloud-based data warehousing platform. Snowflake acknowledged detecting “unusual activity” impacting a small subset of its customers, linking it to a “specific third-party integration.” The company has since locked affected accounts and notified customers, emphasizing that its own systems were not compromised. The incident is reportedly tied to a security lapse at Anodot, an AI-based data anomaly detection firm.
While Snowflake declined to name the compromised integration partner, sources cited by Cyber Threat Intelligence point to Anodot. The threat actor allegedly attempted to leverage the stolen tokens against Salesforce as well, though detection reportedly thwarted those efforts. This incident underscores the significant risk posed by third-party integrations, where a single compromise can cascade into widespread data exfiltration across multiple client environments.
What This Means For You
- Security teams must rigorously vet third-party SaaS integrations, scrutinizing their access permissions and implementing strict monitoring for anomalous token usage or access patterns originating from these integrated services.
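The monitoring recommended above can be sketched as follows. This is an added example, not code from the report or from any vendor named in it: it flags integration token use from outside allow-listed source ranges or with read volume far above baseline. The integration names, network ranges, record layout and threshold are all constructed assumptions.

```python
import ipaddress
from statistics import median

# Constructed allow-list: source ranges each integration is expected to use.
ALLOWED_NETS = {
    "integration-a": ["198.51.100.0/24"],
    "integration-b": ["203.0.113.0/25"],
}
# Constructed records: (ISO time, integration, source IP, rows read).
BASELINE = [
    ("2024-05-01T02:00:00Z", "integration-a", "198.51.100.10", 12000),
    ("2024-05-02T02:00:00Z", "integration-a", "198.51.100.10", 11500),
    ("2024-05-03T02:00:00Z", "integration-a", "198.51.100.11", 13000),
    ("2024-05-01T06:00:00Z", "integration-b", "203.0.113.20", 800),
    ("2024-05-02T06:00:00Z", "integration-b", "203.0.113.20", 900),
]
OBSERVED = [
    ("2024-05-10T02:00:00Z", "integration-a", "198.51.100.10", 12500),
    ("2024-05-10T03:10:00Z", "integration-a", "192.0.2.77", 9000),
    ("2024-05-10T03:40:00Z", "integration-b", "203.0.113.20", 450000),
    ("2024-05-10T04:05:00Z", "integration-c", "192.0.2.5", 10),
]

def in_allowed_net(integration, ip):
    """True if ip falls inside a range allow-listed for this integration."""
    addr = ipaddress.ip_address(ip)
    nets = ALLOWED_NETS.get(integration, [])
    return any(addr in ipaddress.ip_network(n) for n in nets)

def typical_volume(baseline):
    """Median rows read per integration over the baseline window."""
    per = {}
    for _, integ, _, rows in baseline:
        per.setdefault(integ, []).append(rows)
    return {integ: median(vals) for integ, vals in per.items()}

def find_anomalies(baseline, observed, volume_factor=10):
    """Return (time, integration, ip, reasons) for each suspicious record."""
    typical, alerts = typical_volume(baseline), []
    for ts, integ, ip, rows in observed:
        reasons = []
        if not in_allowed_net(integ, ip):
            reasons.append("source outside allow-listed ranges")
        if integ not in typical:
            reasons.append("integration has no baseline")
        elif rows > volume_factor * typical[integ]:
            reasons.append("read volume far above baseline")
        if reasons:
            alerts.append((ts, integ, ip, reasons))
    return alerts
```

In practice the records would come from the platform's login and query history for the service accounts that integrations authenticate as.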