Israeli Company Anodot Allegedly Breached, Affecting Multiple Cloud Integrations

A major security incident allegedly hit an Israeli analytics firm called Anodot. Multiple customers now face extortion after attackers stole integration keys to their cloud data, which many believe has something to do with Anodot being hacked.

Consequences of Anodot’s Silent Breach

Here are the details we’ve gathered so far on the alleged Anodot compromise. Anodot is a firm that provides AI-powered anomaly detection services. Companies use it to spot unusual changes in revenue or system performance.

The problem? Anodot connects deeply into its customers’ clouds. We are talking about AWS, Google, Azure, Cisco, Oracle, and Salesforce. It’s even possible many other integrations were affected as well.

Apparently, attackers compromised Anodot and it’s possible they stole authentication tokens. Those tokens give them direct access to Anodot’s customers.

The ShinyHunters extortion gang confirmed they are behind the attacks, claiming they stole data from dozens of companies last Friday, including Cisco and Salesforce. Surprisingly, this coincides with the day Anodot posted updates about some data collection and detection issues on their site.

Based on earlier reports, the gang is now demanding ransom payments. They threaten to leak the stolen data publicly. One target was Salesforce. The attackers said AI detection blocked them there.

Customers Left Guessing

Anodot’s status page shows a worrying timeline. On April 4th, the company admitted data collectors were failing. Snowflake, S3, and Kinesis streams stopped retrieving samples. The issue impacted all clusters globally. By April 6th, every single data collector stopped working.

But here is the real kicker. Anodot never mentioned a breach. Their status page now serves a static JPEG. That means monitoring infrastructure is either down or someone deliberately stopped updating it. Journalists have sent multiple emails. The company has not replied. Even their AI assistant looks broken.

Currently, Anodot is having a major outage, and status report shows it has been down over the past 24 hours

Confirmed Fallout and Big-Name Customers

BleepingComputer broke the story open. Snowflake confirmed “unusual activity” linked to a specific third party integration. They locked down potentially impacted accounts. Snowflake stressed their own systems were not compromised. Though the company didn’t specifically mention names, multiple sources pointed the finger directly at Anodot.

Cisco is another integration partner. And Cisco recently got breached too. ShinyHunters claims to have stolen over three million Salesforce records from Cisco. That data included personal identifiable information, GitHub repositories, and AWS buckets.

So who uses Anodot? Its customer list includes a number of high profile global businesses. Affirm, Atlassian, Credit Karma, King, LivePerson, and even Pandora are among.

In addition, big shots like Payoneer, Puma, SAP, T-Mobile, TripAdvisor, UPS, Vimeo, and Vodafone all use Anodot services. Payoneer told security reporters they were aware of an integrator breach but it didn’t affect their system. Other companies have not spoken up.

The Danger of Deep Integrations

This situation is quite dire. The compromise of just one analytics layer affected both AWS, Azure, and Salesforce simultaneously. That is a lateral movement map for attackers. Anyone who integrated anything with Anodot should assume compromise right now.

The silence makes everything worse. Transparency during breaches is non-negotiable. When companies hide incidents, customers cannot respond. They cannot rotate tokens or audit access. The damage compounds with every quiet hour.

Remember when the internet’s builders warned against centralized compute? This is exactly why. One weak link in the integration chain now threatens dozens of major enterprises. And the company at the center refuses to talk.