Snowflake customers hit in data theft attacks after SaaS integrator breach

Published:

7 april 2026 om 19:39:18

Alert date:

7 april 2026 om 20:01:51

Source:

bleepingcomputer.com

Cloud & Virtualization, Data Breach & Exfiltration, Database & Storage, Enterprise Applications

Over a dozen companies experienced data theft attacks following a breach of a SaaS integration provider. The breach resulted in the theft of authentication tokens, which were then used to compromise Snowflake customers. This represents a supply chain attack where a third-party service provider's compromise led to multiple downstream victim organizations. The attack highlights the risks associated with SaaS integrations and shared authentication mechanisms.

Technical details

Over a dozen companies suffered data theft attacks after a SaaS integration provider was breached and authentication tokens were stolen. The majority of attacks targeted Snowflake, a cloud-based data warehouse platform. The threat actor used stolen authentication tokens to steal data from multiple companies and attempted to steal data from Salesforce but was blocked by AI detection. The attacks stem from a security incident at Anodot, an AI-based analytics company that provides real-time anomaly detection. Snowflake confirmed the attacks did not involve any vulnerability or compromise of its own systems, but rather originated from a third-party integration breach.

Mitigation steps:

Snowflake immediately launched an investigation and locked down potentially impacted customer accounts out of an abundance of caution. They notified potentially impacted customers and provided precautionary guidance to help them further protect their accounts. Organizations should review their third-party integrations and authentication token management practices.

Affected products:

Snowflake
Salesforce
Anodot