
Hundreds of Snowflake customer passwords discovered online are



Cloud data analysis firm Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble to understand whether their stores of cloud data have been compromised.

Snowflake helps some of the largest global companies, including banks, healthcare providers and tech companies, store and analyze their vast amounts of data, such as customer data, in the cloud.

Last week, Australian authorities sounded the alarm, saying they had become aware of “successful compromises of several companies utilising Snowflake environments,” without naming the companies. Hackers had claimed on a known cybercrime forum that they had stolen hundreds of millions of customer records from Santander Bank and Ticketmaster, two of Snowflake’s largest customers. Santander confirmed a breach of a database “hosted by a third-party provider,” but would not name the provider in question. On Friday, Live Nation confirmed that its Ticketmaster subsidiary was hacked and that the stolen database was hosted on Snowflake.

Snowflake acknowledged in a brief statement that it was aware of “potentially unauthorized access” to a “limited number” of customer accounts, without specifying which ones, but said that it has found no evidence there was a direct breach of its systems. Rather, Snowflake called it a “targeted campaign directed at users with single-factor authentication” and said that the hackers used “previously purchased or obtained through infostealing malware,” which is designed to scrape a user’s saved passwords from their computer.

Despite the sensitive data that Snowflake holds for its customers, Snowflake lets each customer manage the security of their environments, and does not automatically enroll or require its customers to use multi-factor authentication, or MFA, according to Snowflake’s customer documentation. Not enforcing the use of MFA appears to be how cybercriminals allegedly obtained huge amounts of data from some of Snowflake’s customers, some of which set up their environments without the additional security measure.

Snowflake conceded that one of its own “demo” accounts was compromised because it wasn’t protected beyond a username and password, but claimed the account “did not contain sensitive data.” It’s unclear if this stolen demo account has any role in the recent breaches.

TechCrunch has this week seen hundreds of alleged Snowflake customer credentials that are available online for cybercriminals to use as part of hacking campaigns, suggesting that the risk of Snowflake customer account compromises may be far wider than first known.

The credentials were stolen by infostealing malware that infected the computers of employees who have access to their employer’s Snowflake environment.

Some of the credentials seen by TechCrunch appear to belong to employees at companies known to be Snowflake customers, including Ticketmaster and Santander, among others. The employees with Snowflake access include database engineers and data analysts, some of whom reference their experience using Snowflake on their LinkedIn pages.

For its part, Snowflake has told customers to immediately switch on MFA for their accounts. Until then, Snowflake accounts that aren’t enforcing the use of MFA to log in are putting their stored data at risk of compromise from simple attacks like password theft and reuse.

How we checked the data

A source with knowledge of cybercriminal operations pointed TechCrunch to a website where would-be attackers can search through lists of credentials that have been stolen from various sources, such as infostealing malware on someone’s computer or collated from previous data breaches. (TechCrunch is not linking to the site where stolen credentials are available so as not to aid bad actors.)

In all, TechCrunch has seen more than 500 credentials containing employee usernames and passwords, along with the…


