Snowflake Company’s Systems Breached by Hackers
Hackers have used malicious software to penetrate the systems of Snowflake, an American company that handles cloud data analysis. As a result, millions of personal records were stolen, mainly belonging to consumers of Snowflake’s client companies. Notably, clients of Santander Bank and Ticketmaster fell victim to this cybercrime, revealing extensive and significant data breaches.
Widespread Breach Affecting Major Companies
Australian authorities raised concerns last week about confirmed cyber-attacks on several companies using Snowflake’s services. However, these companies were not named. Meanwhile, hackers announced on their forums that they had successfully stolen hundreds of millions of records from Santander Bank and Ticketmaster, two of Snowflake’s largest clients. Santander confirmed the database breach, executed by an unnamed third-party provider. Furthermore, Live Nation confirmed that data belonging to its subsidiary, Ticketmaster, and stored on Snowflake was stolen.
Snowflake itself acknowledged awareness of “potentially unauthorized access” to a “limited number” of customer accounts, although no specifics were given. There was no evidence of direct system breaches, according to the cloud operator. The company believes the breach targeted users relying on single-factor authentication, via malware designed to steal stored passwords. Despite storing sensitive client data, Snowflake lets clients handle their own security and does not impose two-factor authentication, a gap that hackers likely exploited. Snowflake also acknowledged an intrusion into a sample account protected only by a username and password; however, that account contained no sensitive data.
Stolen Logins and Passwords Found Online
An anonymous source familiar with cybercrime shared with TechCrunch a website that publishes compromised login details. The site listed over 500 logins and passwords providing access to Snowflake’s systems. The credentials belonged to Santander and Ticketmaster, at least two pharmaceutical giants, a freshwater supplier, a food delivery service, and other organizations. The list also contained exposed usernames and passwords possibly belonging to a former Snowflake employee.
Indirect evidence indicated that these credentials were harvested by malware. Several company email addresses, used as usernames for accessing the Snowflake platform, were found among millions of stolen logins and passwords published on Telegram. Snowflake has suspended accounts showing signs of malicious activity, emphasizing that users are responsible for enabling multifactor authentication. The company is currently considering all options for implementing multifactor authentication, although the final plan has not yet been confirmed.