Cyber Incident Victim: Anodot
Date:
Apr 2026
Location:
United States of America
Summary
Hackers infiltrated Anodot, stole authentication tokens used by its customers to access cloud storage, and used those tokens to exfiltrate data from over a dozen client companies. The stolen data prompted extortion threats from the ShinyHunters group, which warned of public release unless a ransom was paid, and led cloud provider Snowflake to suspend access for affected customers after detecting unusual activity. Among the impacted firms, Rockstar Games confirmed that only limited non‑material information was accessed and stated the breach had no effect on its operations or players.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The breach began on April 4 when Anodot’s data connectors stopped working, preventing its customers from accessing their cloud‑stored data. Hackers broke into Anodot and stole authentication tokens that its customers use to gain access to their data in the cloud. Using those tokens, the hackers stole reams of customer data from the cloud storage. One cloud storage provider, Snowflake, cut off Anodot customers from their cloud data after detecting ‘unusual activity’ in some data stores, said Bleeping Computer. Bleeping Computer, among the first to report the Anodot breach, and BBC News both reported that the ShinyHunters hacking group was threatening to release the stolen data if its ransom demands were not met.
The breach is the latest example of hackers targeting software used by corporate giants in an effort to steal sensitive data from multiple companies in one go. One of the affected companies is said to be Rockstar Games, the maker of the Grand Theft Auto and Max Payne video games, per gaming news outlet Kotaku. “We can confirm that a limited amount of non-material company information was accessed in connection with a third‑party data breach. This incident has no impact on our organization or our players,” Rockstar spokesperson Murphy Siegel told TechCrunch in an emailed statement. Rockstar Games was also breached in 2022, when hackers stole and published an early trailer for the company’s upcoming flagship game, Grand Theft Auto VI. ShinyHunters are a group of largely English‑speaking hackers known for stealing data and extorting their victims. The hackers are known for their social engineering skills, such as impersonating IT help desk and support staff to trick employees at large companies into granting them access to accounts or systems on the company’s network. The group targets companies that store large amounts of data in cloud storage. In the past year, ShinyHunters has focused on companies like Anodot, Gainsight, and Salesloft, which allow their customers to access and analyze large datasets in their cloud storage, in an effort to steal passwords and tokens. In some cases, the stolen data has contained tokens that allowed the hackers to subsequently breach other companies.
Anodot, which helps its corporate customers detect outages and other issues that might affect their ability to make revenue, said on its status page that the incident began on April 4, when the company’s data connectors stopped working, preventing its customers from accessing their cloud‑stored data. Snowflake did not respond to TechCrunch’s request for comment on Monday. Glassbox, which owns Anodot, also did not respond to a request for comment. Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security. He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at [email protected].