The Snowflake Attack Piling Up To Be the Largest Data Breach Yet
Earlier this year, Snowflake Inc.(“Snowflake”), an American cloud computing–based data cloud company based in Bozeman, Montana, became aware of potentially unauthorized access to certain customer accounts. However, recent reports may prove that this cyberattack may snowball into the largest data breach ever reported.
In a notice issued on May 23, 2024, Snowflake explained to its community that it had become aware of unauthorized access to its customer accounts. This alert immediately piqued the interest of the tech community, as Snowflake is a multi-cloud data warehousing platform used to store and analyze large amounts of structured and unstructured data for some of the largest global corporations, including banks, healthcare providers, and tech companies.
Upon the discovery of the breach, Snowflake launched an investigation where it uncovered that the increased threat activity began in mid-April 2024 from a subset of IP addresses and suspicious clients it believes were related to unauthorized access.
As explained in a blog post about the incident written by Brad Jones, Snowflake's chief information security officer, Snowflake believes the threat actor obtained the personal credentials of a former Snowflake employee through infostealing malware, which is designed to pull usernames and passwords from compromised devices.
Jones said that with the obtained credentials, the threat actors were then able to access demo accounts belonging to the former employee and target users with single-factor authentication. The update also mentioned that the demo accounts accessed did not contain sensitive data as they were not connected to Snowflake's production or corporate systems.
Ticketmaster, Santander, and Others Are Connected to the Snowflake Data Breach
While Snowflake mentioned the cyber attacker only campaigned against some of its customer accounts, other reports claim hundreds of Snowflake customer passwords were found online, and other major companies have also been affected by the breach. In mid-May, a forum appeared on the cybercrime marketplace BreachForums that claimed the cybercriminals known as ShinyHunters were selling 560 million records from Live Nation Entertainment, Inc.(primarily from its Ticketmaster subsidiary) and 30 million from Santander Bank, N. A.(“Santander”).
The FBI eventually took down the original post on BreachForums. However, it was quickly replaced by another forum, where it was revealed that ShinyHunters were able to steal the data from the two firms directly from the Snowflake accounts. Both Ticketmaster and Santander have recently reported suffering from data breaches. Currently, only Ticketmaster has directly linked its breach to the Snowflake incident, and neither company has confirmed the size of the breach.
Another BreachForums account, Sp1d3r, claims it posted two more companies whose data it claims is related to the Snowflake incident. The first is automotive giant Advance Auto Parts, from which Sp1d3r claims to have 380 million customer details. The second is the financial services company LendingTree and its subsidiary QuoteWizard, which Sp1d3r claims to have the data linked to 190 million people.
Investigators from BleepingComputer, an information security and technology news publication, verified that the 3 terabytes of data containing the Advance Auto Parts staff and customer email addresses listed in sample data appeared to be legitimate and may be involved in a security incident related to Snowflake. In an interview, a spokesperson for Advance Auto Parts said that while they have not experienced any impacts on their operations or systems, they are still investigating the incident and currently do not have any further information to share.
LendingTree has also confirmed it uses Snowflake for its business operations and was notified that its QuoteWizard subsidiary "may have had data impacted by this incident." LendingTree does not currently believe QuoteWizard's consumer financial account information was impacted by the breach. However, their investigation is still ongoing.
According to Sp1d3r, the stolen data from Advance Auto Parts is worth roughly $1.5 million, and the 2 terabytes of LendingTree and QuoteWizard data were listed for approximately $2 million. Neither LendingTree nor Advance Auto Parts has filed breach notifications with the Securities and Exchange Commission; however, both companies have been listed as previous customers of Snowflake cloud services.
While Snowflake mentioned the cyber attacker only campaigned against some of its customer accounts, other reports claim hundreds of Snowflake customer passwords were found online, and other major companies have also been affected by the breach. In mid-May, a forum appeared on the cybercrime marketplace BreachForums that claimed the cybercriminals known as ShinyHunters were selling 560 million records from Live Nation Entertainment, Inc.(primarily from its Ticketmaster subsidiary) and 30 million from Santander Bank, N. A.(“Santander.”)
Another report from TechCrunch has also claimed that hundreds of Snowflake customer passwords have been found online and are accessible to cybercriminals.
What Is Snowflake Doing To Keep Their Client’s Data Safe?
In an attempt to provide its customers with some form of security from the breach, Snowflake has begun implementing new security measures. Earlier this week, Jones wrote in an updated blog post stating that the company was committed to transparency around its ongoing investigation and is continuing to work closely with its customers as they harden their security measures to reduce cyber threats to their businesses.
Snowflake is developing a plan to require its customers to implement advanced security controls, such as multi-factor authentication(MFA) or other network policies. Throughout its ongoing investigation, the cloud company claims that it has informed the limited number of customers it believes may have been impacted by the breach and provided them with additional hardening recommendations to assist customers in securing their accounts.
Contact a Class Action Data Breach Attorney Today
Snowflake is just the latest company to have experienced a security incident and sizable data breach caused by the lack of MFA and other account security features. If you believe you were affected by the Snowflake data breach, we may be able to help you. For more information about the latest data breaches and how we may be able to help you, connect with one of our class action attorneys today by completing our free no-obligation quiz.
Injured? Getting the compensation you deserve starts here.
Deep Dive
Explore more information related to the case process.