Cloud AI data platform Snowflake is having a bad month.
Ticketmaster owner Live Nation has filed an 8-K with the SEC over what may be the largest data breach ever, claimed by the threat actor to cover 560 million customers.
Additionally, incidents are under way at multiple other companies that are Snowflake customers, where full databases have been taken; I have spoken to people at large corporations in multiple industries who have had significant data exfiltration in May via Snowflake.
Hudson Rock has published a blog saying it is able to confirm that a massive breach at Snowflake was caused by credentials compromised via an infostealer.
In that blog, Hudson Rock shows stolen credentials belonging to a former Snowflake staff member.
The threat actor makes various claims that sound questionable but, well, Snowflake has confirmed some of them are true while telling the media and customers that the blog is inaccurate.
We have what appears to be the world's biggest data breach, by number of individuals affected, playing out with Snowflake as the vendor linking the victims.
Snowflake, for those who don't know, is a cloud data platform into which organisations load vast amounts of data and then query and analyse it.
Snowflake has to own this issue and face straight into it to survive, as there is an extremely high chance this will play out publicly over the coming weeks and months.
Despite Snowflake saying the Hudson Rock blog is inaccurate, the part about stolen Snowflake credentials is accurate.
Snowflake has stood up incident response, with CrowdStrike.
Essentially, infostealers were used to harvest Snowflake customers' credentials, and those stolen credentials were then used to log in to the customers' Snowflake databases, with the attacker's tooling reporting the client name rapeflake.
Snowflake itself fell into the same trap, by not using multi-factor authentication on a demo environment and by failing to disable a leaver's access.
Shit happens, incidents happen, and while Snowflake may present itself as having had no platform breach, it also fell into the same problem, which in terms of optics isn't great.
You may know about infostealers from my recent piece on them being a huge threat when it comes to Microsoft Copilot+ Recall, which allows full theft of everything you've ever viewed: a feature you should absolutely disable in Windows 11.
If you use Snowflake, you need first of all to enable multi-factor authentication and tighten authentication to your database as a top priority; a stolen password on its own should not be enough to log in.
You also need to go back and look at the access logs on Snowflake itself and check who has been using your data, because you cannot rely on Snowflake doing this for you.
Ask the Snowflake victims how they have fixed the problem: it's through robust MFA. Something is wrong at Snowflake when it comes to authentication.
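As a worked example of the two steps above (review your own Snowflake access logs, then tighten authentication), here is a set of Snowflake SQL statements. This is an added example, not code from the original post or from Snowflake, and it assumes you can read the SNOWFLAKE.ACCOUNT_USAGE views (ACCOUNTADMIN or a role granted the SNOWFLAKE database), that 90 days is an acceptable look-back window, and that 203.0.113.0/24 stands in for your own corporate egress range. The client name rapeflake is the one reported in the campaign described on this page; the DBeaver filter and the IP allowlist are additional assumptions of this example.

```sql
-- Added example, not from the original post or from Snowflake.
-- Assumptions: ACCOUNT_USAGE views are readable by the current role;
-- 90-day window and 203.0.113.0/24 are placeholders to adjust.

-- 1. Sessions whose self-reported client application matches the tooling
--    seen in this campaign, joined to the login that opened each session.
--    The client name is attacker-controlled, so an empty result is not
--    proof that you are clean; it is only the cheapest first check.
SELECT s.created_on,
       s.user_name,
       s.client_application_id,
       l.client_ip,
       l.first_authentication_factor,
       l.second_authentication_factor
FROM   snowflake.account_usage.sessions       AS s
JOIN   snowflake.account_usage.login_history  AS l
       ON l.event_id = s.login_event_id
WHERE  s.created_on >= DATEADD(day, -90, CURRENT_TIMESTAMP())
  AND (s.client_application_id ILIKE 'rapeflake%'
       OR s.client_application_id ILIKE 'DBeaver_DBeaverUltimate%')  -- assumption
ORDER BY s.created_on;

-- 2. Every successful login in the window that used a password alone,
--    grouped by user and source IP. Any IP here that is not yours is
--    exactly the "stolen credential, no MFA" pattern described above.
SELECT user_name,
       client_ip,
       reported_client_type,
       COUNT(*)             AS logins,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen
FROM   snowflake.account_usage.login_history
WHERE  event_timestamp >= DATEADD(day, -90, CURRENT_TIMESTAMP())
  AND  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
GROUP BY user_name, client_ip, reported_client_type
ORDER BY first_seen;

-- 3. Bulk reads and unloads in the window, with the client that ran them.
--    Full-database theft shows up as large row counts or UNLOAD
--    (COPY INTO @stage) statements from an unfamiliar client.
SELECT q.start_time,
       q.user_name,
       s.client_application_id,
       q.query_type,
       q.rows_produced,
       q.bytes_scanned,
       LEFT(q.query_text, 120) AS query_prefix
FROM   snowflake.account_usage.query_history AS q
JOIN   snowflake.account_usage.sessions      AS s
       ON s.session_id = q.session_id
WHERE  q.start_time >= DATEADD(day, -90, CURRENT_TIMESTAMP())
  AND (q.query_type = 'UNLOAD' OR q.rows_produced > 1000000)  -- threshold is an assumption
ORDER BY q.rows_produced DESC;

-- 4. Enabled password users who have not enrolled in MFA (Snowflake's
--    built-in MFA is Duo, hence the column name). Includes leavers whose
--    accounts were never disabled, the other failure mode on this page.
SELECT name, login_name, last_success_login, created_on
FROM   snowflake.account_usage.users
WHERE  deleted_on IS NULL
  AND  disabled = FALSE
  AND  has_password = TRUE
  AND  ext_authn_duo = FALSE
ORDER BY last_success_login NULLS FIRST;

-- 5. Tighten authentication. Snowflake refuses to apply a network policy
--    that would lock out the IP running the statement, but still put your
--    own egress range in first. The allowlist below is a placeholder.
CREATE NETWORK POLICY IF NOT EXISTS corp_egress_only
  ALLOWED_IP_LIST = ('203.0.113.0/24');
ALTER ACCOUNT SET NETWORK_POLICY = corp_egress_only;

-- Require MFA enrolment for interactive users via an authentication
-- policy (assumption: the authentication policy feature is available in
-- your account; otherwise users must enrol themselves in the UI).
CREATE AUTHENTICATION POLICY IF NOT EXISTS require_mfa
  MFA_ENROLLMENT = REQUIRED
  CLIENT_TYPES   = ('SNOWFLAKE_UI', 'DRIVERS');
ALTER ACCOUNT SET AUTHENTICATION POLICY require_mfa;

-- Leavers found by query 4 with no recent login should simply be disabled:
-- ALTER USER <leaver_login_name> SET DISABLED = TRUE;
```

Run the hunts (1 to 4) before the hardening (5): applying a network policy after the fact does nothing about data already taken, and rotating passwords without MFA only helps until the next infostealer log is sold. Note that ACCOUNT_USAGE views lag live activity by up to a few hours, so a login from the last hour may not appear yet.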
Snowflake itself fell victim to this incident, albeit with a demo tenant.
This will be a developing story, and all eyes are on Snowflake.
This Cyber News was published on doublepulsar.com. Publication date: Sun, 02 Jun 2024 12:13:06 +0000