Hackers have reportedly stolen data from at least a dozen companies following a breach at business monitoring software maker Anodot, leaving its customers exposed to extortion and at risk of having their data published online.
Bleeping Computer, among the first to report the Anodot breach, and BBC News both reported that the ShinyHunters hacking group was threatening to release the stolen data if its ransom demands were not met.
The breach is the latest example of hackers targeting software used by corporate giants in an effort to steal sensitive data from multiple companies in one go.
Anodot, which helps its corporate customers detect outages and other issues that might affect their ability to make revenue, said on its status page that the incident began on April 4, when the company’s data connectors stopped working, preventing its customers from accessing their cloud-stored data.
According to the reports, the hackers broke into Anodot and stole authentication tokens that its customers use to gain access to their data in the cloud. Using those tokens, the hackers stole reams of customer data from the cloud storage.
One cloud storage provider, Snowflake, cut off Anodot customers from their cloud data after detecting “unusual activity” in some data stores, said Bleeping Computer.
One of the affected companies is said to be Rockstar Games, the maker of the Grand Theft Auto and Max Payne video games, per gaming news outlet Kotaku.
“We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players,” Rockstar spokesperson Murphy Siegel told TechCrunch in an emailed statement.
Rockstar Games was also breached in 2022, when hackers stole and published an early trailer for the company’s upcoming flagship game, Grand Theft Auto VI.
Snowflake did not respond to TechCrunch’s request for comment on Monday. Glassbox, which owns Anodot, also did not respond to a request for comment.
ShinyHunters are a group of largely English-speaking hackers known for stealing data and extorting their victims. The hackers are known for their social engineering skills, such as impersonating IT help desk and support staff to trick employees at large companies into granting them …