Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak
2024-06-04 02:25

Snowflake said if any customer data was taken from its servers, it may have been obtained by thieves who got hold of individual customers' account credentials - via targeted phishing, some other leak, or malware, for example - and not by a general compromise of Snowflake's security.

On Friday, in its now-deleted write-up, Hudson Rock wrote that data thieves claimed to have signed into a Snowflake employee's ServiceNow work account and used this access to siphon databases belonging to as many as 400 Snowflake corporate clients.

We suppose there could have been some kind of misunderstanding, miscommunication, or poor translation that led to Hudson Rock conveying that Snowflake customers had their info swiped via stolen Snowflake employee creds versus stolen individual account credentials.

Snowflake CISO Brad Jones in a statement said crooks did steal a Snowflake worker's credentials, but did not use them to access sensitive information, such as customer data in the cloud; instead those creds got the intruder or intruders into worthless demo accounts, we're told.

"If a threat actor obtains customer credentials, they may be able to access the account. Snowflake employees are no different and can also create their own Snowflake 'customer' accounts using personal credentials."

ShinyHunters said the ServiceNow part was made up by whoever spoke to Hudson Rock, and added the bit "that's true is we wanted Snowflake to send us $20 million," referring to the crime ring trying to extort that amount from Snowflake to keep any data stolen from the biz under wraps.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/06/04/snowflake_report_pulled/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Snowflake 6 0 5 8 0 13