Hackers Steal Massive Data from Snowflake Customers

Security researchers have uncovered a significant data breach affecting hundreds of Snowflake customers
June 10, 2024

In a concerning development, security researchers have uncovered that cybercriminals have stolen significant volumes of data from hundreds of customers using the cloud storage services of Snowflake. The incident response firm Mandiant, collaborating with Snowflake on the investigation, revealed in a blog post on Monday that around 165 customers have been notified about potential data theft.

This disclosure marks the first time the scope of the affected Snowflake customers has been made public since the attacks began in April. Snowflake, which has over 9,800 corporate clients—including healthcare organizations, retail giants, and major tech companies—had previously stated that only a "limited number" of its customers were affected.

So far, Ticketmaster and LendingTree are the only companies to confirm data thefts from their Snowflake-hosted environments. Other Snowflake customers are still investigating possible breaches. Mandiant warned that the threat campaign is ongoing, indicating that more companies could soon report similar incidents.

The cyberattacks have been attributed to UNC5537, an unclassified group of cybercriminals primarily motivated by financial gain. This gang, which includes members in North America and at least one in Turkey, uses stolen credentials to access Snowflake accounts and exfiltrate valuable data, later attempting to extort victims by threatening to release the data publicly.

Mandiant's investigation revealed that these attacks date back to at least April 14, with Snowflake being notified of the intrusions on May 22. The majority of the stolen credentials were traced back to historical infostealer infections, some as old as 2020. While Snowflake's systems were not directly breached, the company pointed to inadequate security measures on customer accounts, particularly the lack of multi-factor authentication (MFA).

Recently, TechCrunch reported that hundreds of Snowflake customer credentials, compromised by malware on employee computers, were circulating online. This ongoing risk highlights the urgency for customers to change their passwords and enable MFA.

Despite the growing threat, Snowflake does not mandate the use of MFA by default. In a brief update, the company mentioned plans to enforce MFA on customer accounts but has not provided a specific timeline. Snowflake spokesperson Danica Stanczak did not comment on why the company has not yet reset customer passwords or enforced MFA following these incidents.

The security landscape remains precarious as Snowflake and its customers grapple with these breaches. Companies using Snowflake are urged to bolster their security measures to mitigate further risks. For those with additional insights into the Snowflake account intrusions, reaching out to security teams and reporters can help shed more light on these ongoing threats. 

If you have more information about the Snowflake breaches, contact the reporter via Signal and WhatsApp at +1 646-755-8849, or email. You can also send files and documents securely via SecureDrop.
