logo

Stolen SaaS Integration Tokens Enable Data Theft Across Snowflake Environments (Campaign)

ID: 5d01cb38-564f-5baa-bd09-24ea11f0b22f

STIX ID: report--5d01cb38-564f-5baa-bd09-24ea11f0b22f

Feed Name: Wiz Cloud Threat Landscape

Threat Score
75/100

Date Published: 2026-04-07

Date Updated: 2026-05-01

Author: [email protected] (Wiz Threat Research)

...
...

Stolen SaaS integration tokens from Anodot allowed attackers to access and query customer Snowflake environments (and attempted Salesforce access), resulting in data exfiltration and subsequent extortion by ShinyHunters; evidence indicates the integrator environment may have been compromised for an extended period, enabling persistent access.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.

Built by the dogesec team. Copyright 2026.