CyberSecurity

Middle East Hack-for-Hire Operation Linked to South Asian APT Group Targets Journalists

A sophisticated hack-for-hire operation has been uncovered in the Middle East, targeting prominent journalists and civil society figures in Egypt and Lebanon. This campaign, detected by digital rights organizations, has been traced to the Bitter advanced persistent threat (APT) group, known for its South Asian origins. The operation used spear-phishing tactics and Android malware to compromise high-profile individuals, raising alarms about the growing reach of state-sponsored cyber espionage.

How the Hack-for-Hire Operation Unfolded

In August 2025, Access Now, a global non-profit focused on digital civil rights, identified the campaign through its Digital Security Helpline. The targets included Egyptian journalists Mostafa Al‑A’sar and Ahmed Eltantawy, both vocal critics of the Egyptian government who had previously faced imprisonment. According to Access Now, the attackers launched spear-phishing attempts in October 2023 and January 2024, aiming to compromise their Apple and Google accounts.

The attackers impersonated legitimate services and individuals, using fake profiles and messages on platforms such as Signal to deliver malicious links. Al‑A’sar entered his credentials after receiving a fake Apple notification, but stopped when a two-factor authentication prompt reported a sign-in from a distant location in Egypt, so the captured password alone was not enough to take over the account. Eltantawy ignored the lures entirely, and neither account was compromised.

A separate attack on a Lebanese journalist, documented by the Beirut-based organization SMEX, did succeed in breaching an Apple account in 2025. That campaign began over Apple Messages and escalated through WhatsApp, using the same malicious infrastructure. Researchers noted that the attackers completed the account takeover within 30 seconds of credential submission, a turnaround that points to automated tooling behind the phishing page rather than an operator reading submitted credentials by hand.

ProSpy Spyware: The Tool Behind the Attacks

Mobile security firm Lookout analyzed the Android malware used in the campaign, dubbed ProSpy (also known as ToSpy by ESET). Lookout acquired 11 samples, the earliest from August 2024, revealing that ProSpy is developed in Kotlin and integrates common spyware functions like file exfiltration, contact harvesting, and microphone activation. While less sophisticated than top-tier spyware like Predator, ProSpy is actively maintained with new capabilities added over time.

Delivery is a two-stage process. First, targets are contacted through fake social media profiles or by someone posing as Apple Support. Then they are pushed to click spear-phishing links: Apple users land on fake iCloud pages, while Android users are directed to download ProSpy from deceptive domains, such as a fake ToTok app update at totok-pro[.]ai-ae[.]io. The malicious sites serve APK files in English and Arabic and use randomized URL paths, so blocking individual links is ineffective; defenders should block at the level of the registrable domain instead.

Technical Links to the Bitter APT Group

Lookout researchers linked ProSpy to the Bitter APT group (also known as T-APT-17 and APT-C-08) through shared infrastructure and code similarities. For instance, the domain com-ae[.]net was previously tied to Bitter’s Dracarys malware. Code parallels include worker-class naming conventions and numbered command-and-control (C2) commands. Despite these links, Bitter historically targets military, energy, and government entities, not civil society. This discrepancy suggests the hack-for-hire operation may represent an expansion of Bitter’s scope or collaboration with a South Asian mercenary group, marking the first documented case of the group targeting journalists.
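As an added example (not part of the original report, and not Lookout's or ESET's tooling), the following Python triage script applies the indicators above to URLs a helpline or SOC might receive: it refangs defanged IoCs, compares the registrable domain against the two domains named here, flags brand names such as "apple", "icloud" and "totok" appearing outside the domains assumed to own them, spots second-level labels built only from TLD-like tokens (the com-ae / ai-ae pattern), and notes direct APK downloads. The brand-to-domain mapping, the thresholds and the sample URLs other than the two campaign domains are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Brand keywords the campaign abused, mapped to the domain assumed to own each
# (assumption for this example; use your own allowlist in practice).
PROTECTED_BRANDS = {"apple": "apple.com", "icloud": "icloud.com", "totok": "totok.ai"}
# Registrable domains named in the write-up, defanging brackets removed.
KNOWN_BAD_DOMAINS = {"ai-ae.io", "com-ae.net"}
# Second-level labels built only from TLD-like tokens ("com-ae", "ai-ae")
# are a lookalike trick: the host reads like a real suffix at a glance.
TLD_LIKE = {"com", "net", "org", "io", "ai", "ae", "co", "app"}


def refang(text: str) -> str:
    """Undo common defanging so an IoC can be parsed as a URL."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def registrable_domain(host: str) -> str:
    """Last two labels; fine for .com/.net/.io, wrong for ccSLDs like .co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage_url(url: str) -> dict:
    """Classify one URL as block / suspicious / clean and list the reasons."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    apex = registrable_domain(host)
    reasons = []

    if apex in KNOWN_BAD_DOMAINS:
        reasons.append(f"known campaign infrastructure: {apex}")
    for brand, legit in PROTECTED_BRANDS.items():
        if (brand in host or brand in path) and apex != legit:
            reasons.append(f"'{brand}' used outside {legit}: {apex}")
    tokens = apex.split(".")[0].split("-")
    if len(tokens) >= 2 and all(t in TLD_LIKE for t in tokens):
        reasons.append(f"second-level label imitates a domain suffix: {apex}")
    if path.endswith(".apk"):
        reasons.append("serves an Android package directly")

    if apex in KNOWN_BAD_DOMAINS:
        verdict = "block"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"host": host, "apex": apex, "verdict": verdict, "reasons": reasons}


# Constructed sample set: the first reuses the host from the write-up with an
# invented path, the second reuses com-ae.net with an invented subdomain, and
# the last two are invented entirely.
SAMPLE_URLS = [
    "hxxps://totok-pro[.]ai-ae[.]io/update/ToTok.apk",
    "hxxps://icloud-login[.]com-ae[.]net/",
    "https://appleid-verify.example.net/login",
    "https://www.apple.com/support/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        r = triage_url(u)
        print(f"{r['verdict']:<10} {r['host']:<32} {'; '.join(r['reasons'])}")
```

The registrable-domain helper is deliberately naive (last two labels); for production use a public-suffix list, otherwise hosts under ccSLDs such as .co.uk collapse to the wrong apex.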

Broader Implications for Middle East Cyber Espionage

This campaign underscores the evolving threat landscape in the Middle East, where hack-for-hire groups increasingly target civil society. Lookout believes the operation also targeted victims in Bahrain, the UAE, Saudi Arabia, and potentially the US. For organizations and individuals, the practical takeaways are to enable two-factor authentication (a phishing-resistant method where the service offers one), to verify unexpected "support" contact through a channel the sender does not control, and never to install an app from a link received in a chat message.

As digital rights groups like Access Now and SMEX continue to monitor these threats, the case serves as a stark reminder of the risks faced by journalists and activists in the region. The involvement of a state-linked APT group in a hack-for-hire operation blurs the lines between state-sponsored espionage and mercenary cybercrime, demanding heightened vigilance from the international community.

Anodot Breach: Over a Dozen Companies Face Extortion After Hackers Steal Cloud Tokens

A recent Anodot breach has reportedly compromised data from at least a dozen companies, leaving them vulnerable to extortion and the threat of leaked information online. The incident, first reported by Bleeping Computer and later confirmed by BBC News, involves the notorious ShinyHunters hacking group, which is demanding ransom payments to prevent the release of stolen data.

This attack is another example of criminals compromising a software provider in order to reach many of its customers at once. Anodot, a business monitoring platform that corporate clients use to detect revenue-impacting outages, disclosed on its status page that the incident began on April 4, when its data connectors stopped working and customers lost access to their cloud-stored data.

How the Anodot Breach Unfolded

According to reports, the hackers broke into Anodot’s systems and stole the authentication tokens that Anodot holds in order to read customers’ cloud data on their behalf. With those tokens, the attackers pulled large volumes of sensitive information out of customer data stores. Snowflake, the cloud data platform hosting some of that data, detected “unusual activity” in certain data stores and cut off Anodot customers from their data, as noted by Bleeping Computer.

The breach highlights a growing trend: criminals compromising a software vendor to reach many corporate environments at once. Here the stolen tokens acted as a master key. A bearer token proves only that its holder is the integration it was issued to, so it is honored wherever it is presented, without the password or multi-factor prompt that would challenge a person logging in. Whoever holds the token holds the access, which is how ShinyHunters walked past the customers’ own controls.

Rockstar Games Among Affected Companies

One confirmed victim is Rockstar Games, the developer behind Grand Theft Auto and Max Payne. Kotaku reported that the gaming giant was caught in the Anodot breach. Rockstar spokesperson Murphy Siegel told TechCrunch in a statement: “We can confirm that a limited amount of non-material company information was accessed in connection with a third-party data breach. This incident has no impact on our organization or our players.”

This is not the first time Rockstar has faced a security incident. In 2022, hackers stole and published early development footage of Grand Theft Auto VI. The company insists this latest breach is minor, however.

ShinyHunters: The Group Behind the Attack

ShinyHunters is a group of primarily English-speaking hackers known for data theft and extortion. They excel at social engineering, often impersonating IT help desk staff to trick employees into granting access to accounts or systems. Their focus has shifted to companies like Anodot, Gainsight, and Salesloft, which store large datasets in cloud environments.

In the past year, ShinyHunters has targeted these platforms to steal passwords and tokens. In some cases, the stolen data contained tokens that enabled further breaches at other firms. This tactic amplifies the damage, turning a single breach into a chain reaction of compromises.

Snowflake did not respond to requests for comment, and Glassbox, which owns Anodot, also remained silent.

What Companies Can Learn from the Anodot Breach

This incident underscores the need for strict access controls and token hygiene. Companies should inventory every token a third-party integration holds, scope each one to the minimum data it needs (read-only where the vendor only reads), limit its lifetime so that a stolen token expires on its own, and revoke any that sit unused. Multi-factor authentication protects interactive logins, but a stolen token bypasses that step entirely, so monitoring the token’s own behaviour, such as use from a new source address or an abnormal read volume, is what catches this kind of breach early.
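As an added illustration (not Anodot’s, Snowflake’s or any vendor’s code), the following Python checks implement the two halves of that advice over a constructed token inventory and access log: a static audit of token age, dormancy and scope, and a behavioural check that flags a token used from an address outside the integration’s expected networks or reading far more than its recent daily median. The thresholds, integration names, networks and sample events are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from statistics import median

# Fixed clock so the run is deterministic; a real job would use datetime.now(timezone.utc).
NOW = datetime(2026, 4, 6, tzinfo=timezone.utc)
MAX_TOKEN_AGE = timedelta(days=90)   # policy assumptions, not any vendor's defaults
MAX_IDLE = timedelta(days=30)
SPIKE_FACTOR = 5                     # flag a day that reads 5x the token's median daily volume


@dataclass
class Token:
    token_id: str
    issued_to: str         # the third-party integration holding the token
    issued: datetime
    last_used: datetime
    allowed_nets: list     # CIDRs the integration is expected to call from
    scopes: tuple


@dataclass
class AccessEvent:
    ts: datetime
    token_id: str
    source_ip: str
    rows_read: int


def audit_inventory(tokens):
    """Static checks on each token: age, dormancy, scope. Returns (token_id, finding) pairs."""
    findings = []
    for t in tokens:
        if NOW - t.issued > MAX_TOKEN_AGE:
            findings.append((t.token_id, "older than max age; rotate"))
        if NOW - t.last_used > MAX_IDLE:
            findings.append((t.token_id, "idle but still valid; revoke"))
        if set(t.scopes) - {"read"}:
            findings.append((t.token_id, "scope wider than read-only"))
    return findings


def detect_misuse(tokens, events):
    """Behavioural checks: unexpected source network, and a read-volume spike
    on the latest day compared with the median of the preceding days."""
    by_id = {t.token_id: t for t in tokens}
    findings = []
    daily = defaultdict(lambda: defaultdict(int))   # token -> date -> rows read
    for e in events:
        nets = by_id[e.token_id].allowed_nets
        if not any(ip_address(e.source_ip) in ip_network(n) for n in nets):
            finding = (e.token_id, f"used from unexpected address {e.source_ip}")
            if finding not in findings:
                findings.append(finding)
        daily[e.token_id][e.ts.date()] += e.rows_read
    for token_id, per_day in daily.items():
        days = sorted(per_day)
        if len(days) < 3:
            continue                                  # too little history for a baseline
        baseline = median(per_day[d] for d in days[:-1])
        latest = per_day[days[-1]]
        if baseline > 0 and latest > SPIKE_FACTOR * baseline:
            findings.append((token_id, f"read volume {latest} vs baseline {baseline:.0f} on {days[-1]}"))
    return findings


def sample_data():
    """Constructed inventory and access log for the demo; not data from the incident."""
    utc = lambda *a: datetime(*a, tzinfo=timezone.utc)
    tokens = [
        Token("tok-monitor-01", "monitoring-saas", utc(2025, 12, 1), utc(2026, 4, 4),
              ["203.0.113.0/24"], ("read",)),
        Token("tok-legacy-02", "old-etl-job", utc(2026, 2, 15), utc(2026, 2, 20),
              ["203.0.113.0/24"], ("read", "write")),
    ]
    # Seven quiet days from the expected network, then a bulk pull from elsewhere.
    events = [AccessEvent(utc(2026, 3, 28 + i), "tok-monitor-01", "203.0.113.10", 1_000) for i in range(4)]
    events += [AccessEvent(utc(2026, 4, 1 + i), "tok-monitor-01", "203.0.113.10", 1_000) for i in range(3)]
    events.append(AccessEvent(utc(2026, 4, 4, 2, 17), "tok-monitor-01", "198.51.100.7", 50_000))
    return tokens, events


if __name__ == "__main__":
    tokens, events = sample_data()
    for token_id, finding in audit_inventory(tokens) + detect_misuse(tokens, events):
        print(f"{token_id:<16} {finding}")
```

The behavioural check is the one that matters for a token-theft scenario: the static audit would have found the long-lived token eventually, but the first signal that a token is in someone else’s hands is that it starts behaving differently from its own history.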

As cybercriminals become more sophisticated, organizations must treat third-party software providers as potential attack vectors. The Anodot breach serves as a stark reminder that a single vulnerability can cascade into a widespread crisis.

The ShinyHunters group continues to exploit weaknesses in cloud-dependent ecosystems. Businesses that store sensitive data in the cloud should reassess their security posture and consider additional layers of protection around the credentials their vendors hold.

Bitcoin Depot Theft: $3.6 Million in Crypto Stolen After System Breach

A Bitcoin Depot theft of more than 50 Bitcoin—valued at roughly $3.66 million—has shaken the cryptocurrency ATM operator. The company disclosed the incident in a recent regulatory filing, revealing that attackers infiltrated its internal systems and made off with digital assets before being stopped.

On March 23, Bitcoin Depot detected unauthorized access to parts of its IT infrastructure. The company responded immediately, but the damage was already done. Hackers had obtained credentials linked to digital asset settlement accounts, enabling them to transfer 50.903 Bitcoin out of company-controlled wallets. The breach was contained within the corporate environment, meaning customer-facing platforms and user data remained untouched.

Bitcoin Depot operates over 25,000 Bitcoin ATMs and BDCheckout locations worldwide. In 2025, the company reported $615 million in revenue. This crypto theft highlights the persistent risks faced by even established players in the digital currency space.

Response and Financial Fallout

After discovering the breach, Bitcoin Depot activated its incident response protocols. The company brought in external cybersecurity specialists and notified law enforcement agencies as part of the investigation. Despite these efforts, the company outlined several potential consequences tied to the incident, including reputational damage, legal and regulatory exposure, and rising response costs.

Bitcoin Depot described the event as material on April 6, citing these possible impacts. While the firm carries cyber insurance, it cautioned that coverage may not fully offset the losses. The Bitcoin Depot theft could also affect its stock price and investor confidence in the short term.

Financial Implications for the Company

The $3.66 million loss is material, as the company itself has reported, but Bitcoin Depot emphasized that its operations have not been disrupted. The firm continues to run its ATM network and payment services without interruption. Still, the incident underscores the need for stronger controls over the credentials that can move company funds.

Ongoing Investigation and Industry Context

The investigation remains active, and Bitcoin Depot noted that the final financial impact could differ from its initial estimate. Attackers may have accessed additional systems or data, though the company has not confirmed any further compromises. This cryptocurrency breach follows a previous security issue in 2025, when Bitcoin Depot disclosed a data breach affecting nearly 26,000 individuals. That earlier intrusion involved attackers accessing sensitive personal information, including names, addresses, and identification details.

This latest incident also reflects a broader pattern of attacks targeting cryptocurrency platforms. Recent reports have highlighted increasingly sophisticated campaigns, including a $285 million theft from a decentralized finance platform attributed to suspected North Korean threat actors. Cryptocurrency security best practices are more critical than ever for companies holding digital assets.

What This Means for Bitcoin ATM Users

For everyday users of Bitcoin ATMs, the breach may raise concerns about safety. Bitcoin Depot has stated, however, that customer-facing platforms and customer data were not affected. The attack hit internal corporate systems and the company’s own settlement wallets, not the ATMs or user accounts. The distinction matters: bitcoin bought at a kiosk is sent to the buyer’s own wallet, while the company’s liquidity sits in wallets the operator controls, and it was those wallets that were drained.

Nevertheless, the Bitcoin Depot theft is a reminder that no company is immune to cyber threats. Users should enable two-factor authentication on their accounts and monitor their transactions regularly.

Lessons for the Crypto Industry

This incident highlights several takeaways for cryptocurrency businesses. First, credential security must be a top priority. The attackers got in with compromised credentials linked to settlement accounts, which means a credential alone was enough to move funds. Controls that require more than one secret or one person to release a transfer, such as hardware security keys for operator logins, multi-signature wallets that need approval from several people, and per-period withdrawal limits, would have made a single stolen credential far less valuable. Second, incident response plans need to be tested regularly. Bitcoin Depot’s detection and containment stopped the attack, but not before the attackers had extracted over $3.6 million.
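To make the first point concrete, here is an added example (illustrative, not Bitcoin Depot’s system or any wallet vendor’s code) of the policy layer that should sit in front of signing a settlement transfer: a destination allowlist, approvals from a required number of people other than the requester, and a rolling withdrawal limit. The walk-through replays a transfer of 50.903 BTC attempted with a single stolen credential, then a legitimate settlement, then a second one that breaches the daily limit. The user names, addresses, limits and approval count are assumptions.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

SAT = 100_000_000  # satoshis per bitcoin; amounts are integers to avoid float rounding


@dataclass(frozen=True)
class TransferRequest:
    request_id: str
    amount_sat: int
    destination: str
    requested_by: str


class SettlementPolicy:
    """Pre-signing controls for a company-controlled settlement wallet (illustrative)."""

    def __init__(self, allowed_destinations, required_approvals=2,
                 rolling_limit_sat=5 * SAT, window=timedelta(hours=24)):
        self.allowed_destinations = set(allowed_destinations)
        self.required_approvals = required_approvals
        self.rolling_limit_sat = rolling_limit_sat
        self.window = window
        self._approvals = {}      # request_id -> set of approver ids
        self._executed = deque()  # (timestamp, amount_sat) of past transfers

    def approve(self, req, approver):
        """Record an approval; the requester's own approval never counts."""
        if approver != req.requested_by:
            self._approvals.setdefault(req.request_id, set()).add(approver)

    def spent_in_window(self, now):
        return sum(a for ts, a in self._executed if now - ts <= self.window)

    def evaluate(self, req, now):
        """Return the list of policy violations; an empty list means the transfer may be signed."""
        reasons = []
        if req.destination not in self.allowed_destinations:
            reasons.append("destination not on the allowlist")
        n = len(self._approvals.get(req.request_id, set()))
        if n < self.required_approvals:
            reasons.append(f"{n}/{self.required_approvals} independent approvals")
        if self.spent_in_window(now) + req.amount_sat > self.rolling_limit_sat:
            reasons.append("would exceed the rolling 24h limit")
        return reasons

    def execute(self, req, now):
        """Sign-and-send stand-in: records the transfer only if every check passes."""
        reasons = self.evaluate(req, now)
        if not reasons:
            self._executed.append((now, req.amount_sat))
        return (not reasons, reasons)


def run_scenario():
    """Constructed walk-through: one stolen credential versus the policy."""
    t0 = datetime(2026, 3, 23, tzinfo=timezone.utc)
    policy = SettlementPolicy(allowed_destinations={"bc1q-exchange-settlement"})  # placeholder address

    # Attacker holding ops-1's credential tries to drain 50.903 BTC to a new address.
    drain = TransferRequest("r1", 5_090_300_000, "bc1q-attacker-wallet", "ops-1")
    policy.approve(drain, "ops-1")                    # self-approval is discarded
    drain_ok, drain_reasons = policy.execute(drain, t0)

    # Routine settlement: requested by ops-1, approved by two other people.
    settle = TransferRequest("r2", 2 * SAT, "bc1q-exchange-settlement", "ops-1")
    policy.approve(settle, "ops-2")
    policy.approve(settle, "treasury-1")
    settle_ok, _ = policy.execute(settle, t0 + timedelta(hours=1))

    # A second, properly approved transfer the same day that would breach the limit.
    again = TransferRequest("r3", 4 * SAT, "bc1q-exchange-settlement", "ops-2")
    policy.approve(again, "ops-1")
    policy.approve(again, "treasury-1")
    again_ok, again_reasons = policy.execute(again, t0 + timedelta(hours=3))

    return {"drain": (drain_ok, drain_reasons), "settle": settle_ok, "again": (again_ok, again_reasons)}


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(name, result)
```

The point of the walk-through is that the drain attempt fails on three independent checks at once: even if the attacker also stole a second approver’s credential, the destination allowlist and the rolling limit would still cap the damage at the daily ceiling rather than the wallet balance.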

Finally, the crypto industry must collaborate more closely with law enforcement. The involvement of agencies in this investigation could help trace the stolen Bitcoin and potentially recover some funds. However, the pseudonymous nature of blockchain transactions makes recovery challenging. As blockchain analysis tools improve, so do the chances of catching perpetrators.

In the end, the Bitcoin Depot theft is a cautionary tale for all companies handling digital assets. The $3.66 million loss is significant, but the reputational damage and regulatory scrutiny may prove even costlier in the long run. As the investigation unfolds, the crypto community will be watching closely for lessons that could shape future security practices.

Booking.com Confirms Hackers Accessed Customer Data: What Travelers Need to Know

Travel giant Booking.com has confirmed a data breach that may have exposed customers’ personal information. The company, which handles millions of hotel and home reservations worldwide, acknowledged the incident on Monday after affected users began sharing the notifications they had received online.

This breach is a stark reminder that even the most trusted platforms can fall victim to cyberattacks. If you’ve recently booked a trip through Booking.com, here’s what you need to know about the compromised data and how to stay safe.

What Information Was Exposed in the Booking.com Data Breach?

According to the official notification sent to customers, hackers potentially accessed names, email addresses, phone numbers, and booking details. The company also warned that any information shared with the accommodation—such as special requests or arrival times—may have been compromised.

However, Booking.com assured customers that financial information, including credit card numbers and payment details, was not accessed in this incident. Physical addresses were also not taken, according to a company spokesperson.

How Did the Attack Unfold?

The breach first came to light when a Reddit user posted a notification they had received from Booking.com. The user told TechCrunch that two weeks earlier they had received a phishing message via WhatsApp that quoted their booking details and personal information, which indicates the stolen data was already being used for targeted phishing before customers were notified.

Booking.com spokesperson Courtney Camp stated that the company noticed “suspicious activity involving unauthorized third parties being able to access some of our guests’ booking information.” The company responded by resetting the PINs for affected reservations and informing customers directly.

The company declined to disclose how many customers were impacted, leaving travelers without any sense of the breach’s scale.

How to Protect Yourself After the Booking.com Breach

Watch Out for Phishing Scams

Phishing attempts are the most immediate threat following a data breach. Hackers may send emails or messages pretending to be from Booking.com or from the property you booked, and because they hold your real reservation details, the message can look convincing. Verify the sender’s address, avoid clicking links in unexpected messages, and open the Booking.com site or app directly instead.

Update Your Passwords

Even if your password wasn’t directly compromised, it’s wise to change your Booking.com account password and any other accounts that use the same credentials. Enable two-factor authentication for an extra layer of security.

Monitor Your Accounts

Keep a close eye on your bank statements and credit reports for any unusual activity. If you receive unsolicited messages asking for personal details, report them to Booking.com immediately.

What This Means for Online Travel Security

This incident is not an isolated case. In 2024, TechCrunch reported that hackers had infected hotel computers with consumer-grade spyware, including pcTattletale, which captured screenshots of the Booking.com administration portal. This highlights a growing trend: cybercriminals are increasingly targeting the travel industry to steal valuable customer data.

Booking.com has stated that it has taken action to contain the issue and is working to prevent future breaches. However, with over 6.8 billion bookings since 2010, the platform remains a prime target for attackers.

Final Thoughts: Stay Vigilant

The Booking.com data breach serves as a critical reminder for all travelers to remain vigilant. While the company has acted quickly to secure reservations, the stolen information could still be used in social engineering attacks. Always double-check communications from travel platforms, and never share sensitive information through unverified channels.
