Over a dozen companies have suffered data theft attacks following a breach at a SaaS integration provider where authentication tokens were stolen. While numerous cloud storage and SaaS vendors were targeted, **Snowflake**, the cloud data platform, appears to be the primary target. **Snowflake** has confirmed "unusual activity" affecting a small number of its customers. The company stated that its systems were not directly compromised, but rather, the attacks stemmed from a third-party integration. html <a rel="nofollow noopener" href="https://www.adaptivesecurity.com/demo/security-awareness-training?utm_source=display_network&amp;utm_medium=paid_display&amp;utm_campaign=2026_04_display_bleepingcomputer&amp;utm_id=701Rd00000fE8REIA0&amp;utm_content=970x250"><img alt="Wiz" src="https://www.bleepstatic.com/c/a/as-tour-the-platform-970-x250.jpg"></a> "We recently detected unusual activity within a small number of **Snowflake** customer accounts linked to a specific third-party integration," **Snowflake** told BleepingComputer. "We immediately launched an investigation and, out of an abundance of caution, locked down potentially impacted customer accounts. We also notified potentially impacted customers and provided precautionary guidance to help them further protect their accounts." ## Alleged **Anodot** Breach as the Root Cause While **Snowflake** has not confirmed the specific third-party integration partner involved, multiple sources point to a security incident at **Anodot**, a data anomaly detection company, as the origin of the attacks. **Anodot** is an AI-based analytics company specializing in real-time anomaly detection for business and operational data. **Glassbox** acquired the company in November 2025. It is alleged that the **ShinyHunters** extortion gang is now extorting numerous companies, demanding ransom payments to prevent the release of stolen data. The group confirmed their involvement to BleepingComputer, claiming to have stolen data from dozens of companies and attempting to steal data from **Salesforce**, but were blocked by AI detection. The blocked attempt comes amid a wave of data theft attacks over the past year targeting **Salesforce** customers. The threat actors claim the attack stems from a security incident at **Anodot**, hinting that they allegedly had access to the company for some time. **Payoneer** acknowledged awareness of the integrator breach but stated they were not impacted. **Google's** Threat Intelligence Group is also tracking the incident. BleepingComputer has reached out to **Anodot** and **Glassbox** for comment but has not yet received a response. html <a rel="noopener sponsored" href="https://hubs.li/Q048zztN0"><img alt="tines" src="https://www.bleepstatic.com/c/p/picus-whitepaper.jpg"></a> <div> <h2><a rel="noopener sponsored" href="https://hubs.li/Q048zztN0">Automated Pentesting Covers Only 1 of 6 Surfaces.</a></h2> <p>Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.</p> <p>This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.</p> </div>