The rise of supply chain-driven data theft in SaaS environments by Lucie Cardiet

This report details incidents where attackers exfiltrated data by compromising a SaaS integration provider and harvesting long-lived authentication tokens, enabling access across multiple customers' Snowflake and other data platforms; it highlights how token-based persistence and cross-system reuse let activity appear as legitimate operations, creating detection gaps, and associates the technique with the ShinyHunters extortion group.