Massive Snowflake Data Breach Potentially One of the Largest Ever

CIO Women Magazine

Source – WIRED

Snowflake, a prominent cloud storage company, is facing what could be one of the largest data breaches in history. Last week, the company revealed that hackers had attempted to access customer accounts using stolen login credentials. The breach has been linked to significant data breaches at Ticketmaster and Santander, with cybercriminals claiming to sell data stolen from other major firms as well.

In the days following Snowflake’s initial statement about the breach affecting a “limited number” of accounts, reports surfaced indicating a broader impact. TechCrunch discovered that hundreds of Snowflake customer passwords were accessible online, raising concerns about the extent of the compromise. This incident underscores the rising threat of infostealer malware and highlights the necessity for multifactor authentication to protect accounts.

Cybercrime Marketplace Drama

The unfolding Snowflake drama has been highly visible on BreachForums, a notorious cybercrime marketplace. Although the FBI seized BreachForums in mid-May, a new version quickly emerged, with the hacker group ShinyHunters claiming to sell vast amounts of data. This includes 560 million records from Ticketmaster and 30 million from Santander. While both companies have acknowledged breaches, they have not confirmed the magnitude of these incidents. Ticketmaster has directly linked its breach to the Snowflake data breach, while Santander reported unauthorized access to a database hosted by a third-party provider.

Recently, a BreachForums user named Sp1d3r claimed to have data from other major companies connected to the Snowflake data breach. These include automotive giant Advance Auto Parts, with 380 million customer details, and financial services company LendingTree and its subsidiary QuoteWizard, with data linked to 190 million people. Verification attempts showed that some Advance Auto Parts staff and customer email addresses in the sample data were legitimate, adding credibility to these claims. Despite these revelations, Advance Auto Parts and LendingTree have not filed breach notifications with the Securities and Exchange Commission and have provided limited information on the matter.

Snowflake’s Response and Investigation

Since acknowledging the breach, Snowflake has shared more details about the incident. According to Brad Jones, Snowflake’s Chief Information Security Officer, the attackers used login credentials obtained through infostealing malware, which extracts usernames and passwords from compromised devices. Jones described the breach as a targeted campaign against users with single-factor authentication.

Jones said that the investigation, conducted in collaboration with cybersecurity firms CrowdStrike and Mandiant, did not find evidence of compromised credentials belonging to current or former Snowflake employees. However, a former employee’s demo accounts were accessed, although they reportedly did not contain sensitive data. Snowflake has not identified any vulnerability, misconfiguration, or breach of its platform as the cause of the incident.

The US Cybersecurity and Infrastructure Security Agency has issued an alert regarding the Snowflake data breach, and Australia’s Cyber Security Center has acknowledged the successful compromises of several companies using Snowflake environments. As the situation continues to develop, the true extent of the breach and its impact on Snowflake’s customers remain uncertain, highlighting the ongoing challenges in cybersecurity and the importance of robust protective measures.


