Snowflake enforces MFA as data breach probe continues

Cloud data analytics platform Snowflake announced that it will enforce multi-factor authentication following what might be one of the largest data breaches on record.

This decision was prompted by a breach noticed last month by Hudson Rock analysts, involving a massive data theft from Ticketmaster, Spanish bank Santander, and potentially hundreds of millions of files from Advance Auto Parts—all of whom are Snowflake clients.

Snowflake, a platform that hosts massive datasets for corporations, revealed that hackers had been using stolen credentials to try to infiltrate its customer accounts.

Despite Snowflake launching legal actions against Hudson Rock, forcing them to withdraw their report, the company acknowledged that it was investigating “a targeted threat campaign against some Snowflake customer accounts.” At the same time, TechCrunch reported the discovery of a trove of Snowflake customer passwords online, available to hackers. Snowflake had at first signaled that only a “limited” number of customer accounts were compromised.

However, the news outlet reported that LendingTree’s subsidiary, QuoteWizard, also suffered a data breach at Snowflake. “We can confirm that we use Snowflake for our business operations, and that we were notified by them that our subsidiary, QuoteWizard, may have had data impacted by this incident,” a spokesperson stated.

Data breach reported on BreachForums

Much of the drama involving Snowflake has unfolded on BreachForums, a well-known cybercrime marketplace. This site was shut down by the FBI in mid-May, only to be replaced by a new version. This iteration is allegedly managed by the hacker group ShinyHunters, who claim they are trading 560 million records from Ticketmaster and 30 million from Santander.

Both organizations have acknowledged these data breaches. Ticketmaster has specifically attributed its breach to Snowflake, whereas Santander has reported unauthorized access to a database managed by a third-party provider, without confirming the extent of the breach.

Recently, a BreachForums group with the username Sp1d3r identified two additional companies affected by the Snowflake incident. According to Sp1d3r, they have 3TB of data on 380 million customers from Advance Auto Parts and information on 190 million customers from financial services firm LendingTree and its subsidiary QuoteWizard. BleepingComputer has verified the customer data related to Advance Auto Parts.

The LendingTree spokesperson said, “We take these matters seriously, and immediately after hearing from [Snowflake] launched an internal investigation.” They added, “As of this time, it does not appear that consumer financial account information was impacted, nor information of the parent entity, LendingTree.”

Snowflake reveals details about threat actors

After acknowledging that accounts had been targeted, Snowflake provided further information about the incident. Brad Jones, the chief information security officer at Snowflake, explained in a post that threat actors used login details that had been “purchased or obtained through infostealing malware,” which is designed to pull usernames and passwords from devices that have been compromised. He described the incident as a “targeted campaign directed at users with single-factor authentication.”

In the same post, Jones mentioned that Snowflake, with the help of cybersecurity firms CrowdStrike and Mandiant, found no evidence that the attack was “caused by compromised credentials of current or former Snowflake personnel.” However, he noted that a former employee’s demo accounts were accessed but maintained that they “did not contain sensitive data.”

In a separate blog post, Mandiant reiterated: “Mandiant’s investigation has not found any evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake’s enterprise environment.” However, it added that every incident it had responded to associated with the campaign “was traced back to compromised customer credentials.” ReadWrite reached out to Snowflake, but the company directed us to Jones’ post for more information.

In addition, the US Cybersecurity and Infrastructure Security Agency has issued an alert concerning the Snowflake incident. Similarly, Australia’s Cyber Security Center has admitted being “aware of successful compromises of several companies utilizing Snowflake environments.”

ReadWrite has reached out to Snowflake and Live Nation for comment.

Featured image: Ideogram

Suswati Basu
Tech journalist