Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. While numerous cloud storage and SaaS vendors were targeted using the stolen tokens, BleepingComputer has learned that the majority of the data theft attacks targeted the cloud data platform Snowflake. Snowflake confirmed "unusual activity" to BleepingComputer, stating that a small number of its customers were impacted. "We recently detected unusual activity within a small number of Snowflake customer accounts linked to a specific third-party integration," Snowflake told BleepingComputer. "We immediately launched an investigation and, out of an abundance of caution, locked down potentially impacted customer accounts. We also notified potentially impacted customers and provided precautionary guidance to help them further protect their accounts." Snowflake stressed that the attacks did not involve any vulnerability or compromise of its systems. As part of these attacks, the threat actor allegedly attempted to use the stolen authentication tokens to steal data from Salesforce, but was detected before they could succeed. While Snowflake would not confirm which third-party integration partner was linked to these attacks, BleepingComputer was told by numerous sources that the attacks stem from a security incident at data anomaly detection company Anodot.