
Hacker Leaks Ticketmaster and Santander Data in Snowflake Breach


Snowflake, a well-known cloud storage company, recently found itself at the center of a controversy as a threat actor claimed responsibility for data breaches involving Ticketmaster and Santander Bank. The hacker allegedly gained access to sensitive information by hacking into an employee’s account at Snowflake. However, the company has strongly refuted these claims, stating that the breaches were a result of poor credential hygiene in customer accounts rather than any security vulnerabilities within their platform.

With over 9,000 customers, including major corporations like Adobe, AT&T, and Mastercard, Snowflake’s AI Data Cloud platform is widely used for storing and processing data. Despite its popularity, the recent breach allegations have raised concerns about the company’s security practices.

According to cybersecurity firm Hudson Rock, the threat actor behind the breaches also targeted other high-profile companies using Snowflake’s services, including Anheuser-Busch and State Farm. The hacker reportedly exploited a vulnerability in Okta’s authentication system to gain unauthorized access to Snowflake employee accounts and extract data from customer databases.

In a daring move, the threat actor attempted to extort $20 million from Snowflake in exchange for not releasing the stolen data. However, the company refused to negotiate with the hacker. Hudson Rock discovered that a Snowflake employee had been infected with malware in October, which allowed the threat actor to steal corporate credentials and access sensitive information.

In response to the breach, Snowflake acknowledged that certain customer accounts had been compromised but maintained that there were no inherent flaws in their infrastructure that had been exploited. The company attributed the breaches to identity-based attacks targeting customer credentials exposed through unrelated cyber threats.

To address the security concerns, Snowflake notified a limited number of customers about the breaches and advised them to enhance their account security by enabling multi-factor authentication. The company also released a security bulletin containing Indicators of Compromise (IoCs) and investigative queries to help affected customers secure their accounts.

One of the IoCs identified the use of a custom tool called “RapeFlake” by the threat actors to extract data from Snowflake’s databases. Another IoC indicated that the hackers used the “DBeaver Ultimate” data management tool to establish connections with the compromised accounts.
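A minimal triage sketch for the two client-tool IoCs above, added here as an illustration and not taken from Snowflake's bulletin or its investigative queries. The record layout (`user`, `client_app`, `second_factor`), the priority labels and the sample rows are assumptions constructed for this example; only the two tool names come from the article.

```python
import re

# Tool names from the article's IoC paragraph, reduced to lowercase alphanumerics
# so that "DBeaver Ultimate", "DBeaver_DBeaverUltimate" etc. all match.
IOC_TOOLS = {
    "rapeflake": "custom exfiltration tool",
    "dbeaverultimate": "DBeaver Ultimate client",
}

def normalise(value):
    """Lowercase and strip everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", (value or "").lower())

def triage_sessions(rows):
    """Return one finding per exported session row whose client matches an IoC."""
    findings = []
    for row in rows:
        app = normalise(row.get("client_app"))
        for needle, label in IOC_TOOLS.items():
            if needle not in app:
                continue
            mfa = bool(row.get("second_factor"))
            if needle == "rapeflake":
                priority = "high"      # no legitimate use expected
            elif not mfa:
                priority = "review"    # legitimate tool, but password-only login
            else:
                priority = "low"       # legitimate tool with a second factor
            findings.append({"user": row["user"], "tool": label,
                             "mfa": mfa, "priority": priority})
    return findings

# Constructed sample rows (hypothetical export of session records).
SAMPLE_ROWS = [
    {"user": "ETL_SVC",   "client_app": "JDBC 3.13.30",                  "second_factor": None},
    {"user": "ANALYST1",  "client_app": "DBeaver_DBeaverUltimate 23.2.0", "second_factor": None},
    {"user": "ANALYST2",  "client_app": "DBeaver Ultimate 23.2.0",        "second_factor": "totp"},
    {"user": "REPORTING", "client_app": "rapeflake 1.0",                  "second_factor": None},
]

if __name__ == "__main__":
    for finding in triage_sessions(SAMPLE_ROWS):
        print(finding)
```

Because DBeaver Ultimate is a legitimate database client, a match on it is a lead to correlate with MFA status and known users, not proof of compromise.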

Despite the serious nature of the breaches, Snowflake emphasized that the incidents were a result of compromised customer accounts rather than any vulnerabilities in their systems. The company continues to investigate the breaches and has implemented additional security measures to prevent future unauthorized access to customer data.

In conclusion, the alleged data breaches involving Snowflake have raised concerns about the security of cloud storage services and the importance of maintaining strong credential hygiene. As companies increasingly rely on third-party providers for their data storage needs, ensuring robust security measures is crucial to safeguarding sensitive information from cyber threats. Snowflake’s response to the breaches underscores the importance of proactive security measures and rapid incident response in mitigating potential risks to customer data security.
