The Snowflake data breach has shaken the technology and cybersecurity industry and led to massive data loss. Many customers’ personal information was compromised, and the scale of the disaster is the largest in the world.
Snowflake, an artificial intelligence data platform that processes very large volumes of data, can expose customers to serious security risks when it is used without adequate security measures. So why did the Snowflake data breach happen? Here’s all we know…
Snowflake data breach: Everything we know so far
Imagine that a company you are a customer of accused you of negligence and tried to walk away from such an incident as if nothing were wrong… That is exactly what Snowflake is reportedly doing. Some commentators, however, say that part of the breach really was due to customer negligence. So what exactly happened, I hear you ask?
Snowflake, Crowdstrike, and Mandiant are responding to the incident. The malicious activity was caused by a targeted campaign against users with single-factor authentication. The campaign leveraged previously purchased or obtained information through information-stealing malware and used the stolen credentials to gain access to Snowflake databases.
Snowflake fell into this trap by not requiring multi-factor authentication on its demo environments and by not shutting off the intruder’s access. Although Snowflake claims there was no breach of its platform, the fact remains that customers’ security was compromised.
There will likely be more problems with cloud data providers in the future.
So, what really happened?
While Snowflake says the allegations in the Hudson Rock blog are false, it admits that the part about the credentials is true. It confirmed that the personal credentials of demo accounts belonging to a former Snowflake employee were compromised and used to access those accounts. However, the accounts did not contain sensitive data and were not connected to Snowflake’s production or corporate systems.
Snowflake’s statement reads:
“We did find evidence that a threat actor obtained personal credentials and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or Multi-Factor Authentication (MFA), unlike Snowflake’s corporate and production systems.”
Snowflake is conducting incident response in conjunction with Crowdstrike and Mandiant. It explains the cause of the malicious activity as follows:
- A targeted campaign against users with single-factor authentication.
- Threat actors are leveraging credentials previously purchased or obtained through information-stealing malware.
- Data thieves use the stolen credentials to gain access to Snowflake databases.
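The three points above describe a pattern a defender can hunt for in a Snowflake account’s own login audit trail: successful logins that relied on a password alone (no second factor), particularly from an IP address the user has never been seen on. The following script is an added example, not code from this article or from Snowflake. It assumes records in the column layout of Snowflake’s ACCOUNT_USAGE.LOGIN_HISTORY view (USER_NAME, CLIENT_IP, IS_SUCCESS, FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR) and uses constructed sample rows and a constructed per-user IP baseline rather than real logs.

```python
"""Flag password-only and new-IP logins in Snowflake-style login history.

Added example (not from the article or from Snowflake). The row layout
mirrors the LOGIN_HISTORY view as an assumption; the rows and the IP
baseline below are constructed sample data.
"""

# Constructed sample rows in the assumed LOGIN_HISTORY column layout.
# SECOND_AUTHENTICATION_FACTOR is None when no second factor was used.
SAMPLE_LOGINS = [
    {"EVENT_TIMESTAMP": "2024-05-20T08:01:00", "USER_NAME": "ANALYST1",
     "CLIENT_IP": "203.0.113.10", "IS_SUCCESS": "YES",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH"},
    {"EVENT_TIMESTAMP": "2024-05-20T08:03:00", "USER_NAME": "ANALYST1",
     "CLIENT_IP": "198.51.100.7", "IS_SUCCESS": "YES",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None},
    {"EVENT_TIMESTAMP": "2024-05-20T08:05:00", "USER_NAME": "ANALYST1",
     "CLIENT_IP": "198.51.100.8", "IS_SUCCESS": "YES",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH"},
    {"EVENT_TIMESTAMP": "2024-05-20T09:10:00", "USER_NAME": "DEMO_USER",
     "CLIENT_IP": "192.0.2.55", "IS_SUCCESS": "YES",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None},
    {"EVENT_TIMESTAMP": "2024-05-20T09:11:00", "USER_NAME": "DEMO_USER",
     "CLIENT_IP": "192.0.2.55", "IS_SUCCESS": "NO",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None},
    {"EVENT_TIMESTAMP": "2024-05-20T09:30:00", "USER_NAME": "SVC_ETL",
     "CLIENT_IP": "203.0.113.20", "IS_SUCCESS": "YES",
     "FIRST_AUTHENTICATION_FACTOR": "RSA_KEYPAIR",
     "SECOND_AUTHENTICATION_FACTOR": None},
]

# Constructed baseline: IPs each user has historically logged in from.
BASELINE_IPS = {
    "ANALYST1": {"203.0.113.10"},
    "DEMO_USER": {"192.0.2.55"},
    "SVC_ETL": {"203.0.113.20"},
}


def is_password_only(row):
    """True when the login used a password and nothing else."""
    return (row["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD"
            and not row["SECOND_AUTHENTICATION_FACTOR"])


def flag_logins(rows, baseline_ips):
    """Return one finding per successful login that is password-only,
    from an IP outside the user's baseline, or both. Failed logins are
    skipped: the stolen-credential pattern is about logins that worked."""
    findings = []
    for row in rows:
        if row["IS_SUCCESS"] != "YES":
            continue
        reasons = []
        if is_password_only(row):
            reasons.append("password_only")
        known = baseline_ips.get(row["USER_NAME"], set())
        if row["CLIENT_IP"] not in known:
            reasons.append("new_ip")
        if reasons:
            findings.append({"USER_NAME": row["USER_NAME"],
                             "CLIENT_IP": row["CLIENT_IP"],
                             "EVENT_TIMESTAMP": row["EVENT_TIMESTAMP"],
                             "reasons": reasons})
    return findings


def users_to_enforce_mfa(rows):
    """Users who successfully logged in with a password alone, i.e. the
    accounts that should be moved behind a second factor first."""
    users = {r["USER_NAME"] for r in rows
             if r["IS_SUCCESS"] == "YES" and is_password_only(r)}
    return sorted(users)


if __name__ == "__main__":
    for f in flag_logins(SAMPLE_LOGINS, BASELINE_IPS):
        print(f["EVENT_TIMESTAMP"], f["USER_NAME"], f["CLIENT_IP"],
              ",".join(f["reasons"]))
    print("enforce MFA for:", users_to_enforce_mfa(SAMPLE_LOGINS))
```

On the sample data the script reports three logins: the ANALYST1 login from 198.51.100.7 (password only, new IP), the ANALYST1 login from 198.51.100.8 (second factor present, but new IP) and the DEMO_USER login (password only, known IP). The key-pair login by SVC_ETL is not a password login and is left alone, and the failed DEMO_USER attempt is skipped. The “password_only” list is the set of accounts to put behind MFA before anything else.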
Meanwhile, world-renowned bank Santander and ticketing giant Ticketmaster were also hit by a massive data breach. Allegedly, a group of hackers called ShinyHunters compromised the data of millions of Santander customers and employees. The stolen information reportedly includes bank account details, credit card numbers, balance information, and personal information.
Santander confirmed that data belonging to its customers in Chile, Spain, and Uruguay, as well as to some of its employees, had been stolen. However, the bank said sensitive data such as online banking details or passwords were unaffected, and that customers could continue to transact safely.
ShinyHunters is also trying to sell the private data it stole from Ticketmaster. The Australian government and the FBI are cooperating with Ticketmaster on this issue. On the other hand, experts at Hudson Rock believe that the Santander and Ticketmaster data breaches are linked to the Snowflake data breaches.
Snowflake admitted to unauthorized access to a limited number of customer accounts. Still, it said the incident was not caused by any security vulnerability.
The Snowflake data breach has once again highlighted the critical importance of cloud security and of provider accountability. Both providers and users must take more proactive security measures to prevent such incidents from happening again. In the digital age, we all need to be more aware of, and more careful about, the security of our data.
Featured image credit: Freepik