TrollEye Security

QuoteWizard and Advance Auto Parts Investigating Data Breaches Linked to Snowflake Attacks

Details of The Story

The number of organizations whose Snowflake accounts have been breached continues to mount as LendingTree confirmed recently that its subsidiary, QuoteWizard, had its data stolen. This incident is part of a broader wave of credential-stuffing attacks that have targeted Snowflake clients, exploiting the lack of multi-factor authentication (MFA) among these accounts.

Other victims include Advance Auto Parts, which recently reported that threat actors stole 3TB of data from its Snowflake account, and Ticketmaster, which confirmed that attackers accessed its Snowflake account, leading to the exposure of personal information and ticket sales details for 560 million customers. This stolen data is now being sold on hacking forums, further exacerbating the potential harm to affected individuals.

The attackers behind these breaches have used credentials stolen by information-stealing malware to gain access to Snowflake accounts, particularly targeting those without MFA enabled. This method allowed them to breach systems and exfiltrate vast amounts of data. Snowflake has reiterated that these breaches were due to customers not using MFA, rather than any vulnerabilities within its platform. The company, supported by cybersecurity firms CrowdStrike and Mandiant, has been investigating these incidents and has provided indicators of compromise (IOCs) to help affected customers determine if they were breached.

Snowflake’s client list includes numerous prominent companies such as Mastercard, AT&T, ExxonMobil, Cisco, Adobe, Capital One, DoorDash, Roku, EA, Siemens, and Kraft Heinz. The recent breaches have put a spotlight on the security practices of these major organizations, underscoring the critical need for robust security measures, including the mandatory use of MFA, to protect sensitive data stored in cloud environments.

In response to the breaches, Snowflake and its partners continue to work on mitigating the risks and assisting affected customers. The ongoing investigation aims to strengthen cloud security and prevent such incidents in the future.

These incidents serve as a stark reminder of the importance of implementing comprehensive security measures, especially MFA, to safeguard cloud storage environments. The reliance on cloud services by high-profile companies necessitates a proactive approach to security, ensuring that vulnerabilities are addressed and sensitive data is protected from malicious actors.
