Security News > 2024 > June > Snowflake denies breach, blames data theft on poorly secured customer accounts
Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials.
"We are aware of recent reports related to a potential compromise of the Snowflake production environment," cloud company Snowflake said in an update of Friday's warning about identity-based attacks targeting its customers.
Mitiga researchers' post on how Snowflake customers can perform threat hunting has provided more details about the attacks: the attackers breached accounts that did not have 2-factor authentication switched on, grabbed the cloud-stored data and used it to extort the affected organizations.
Hudson Rock researchers also published a report repeating the threat actor's claims that they breached Snowflake's infrastructure by stealing a Snowflake employee's login credentials.
"We did find evidence that similar to impacted customer accounts, the threat actor obtained personal credentials to and accessed a demo account owned by a former Snowflake employee," he said, but claimed that the account did not contain sensitive data nor is it connected to Snowflake's production or corporate systems.
The threat actor also claimed that by breaching Snowflake's servers, they were able to grab data belonging to Santander Bank and Ticketmaster.
News URL
https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/
Related news
- Snowflake Breach Exposes 165 Customers' Data in Ongoing Extortion Campaign (source)
- Pure Storage confirms data breach after Snowflake account hack (source)
- Snowflake breach snowballs as more victims, perps, come forward (source)
- Neiman Marcus confirms data breach after Snowflake account hack (source)