Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials.
On Friday, the company confirmed that some customer accounts have been accessed by attackers who used previously compromised credentials.
They notified the affected customers, shared indicators of compromise and offered recommendations to assist them in securing their accounts.
Mitiga researchers' post on how Snowflake customers can perform threat hunting has provided more details about the attacks: the attackers breached accounts that did not have 2-factor authentication switched on, grabbed the cloud-stored data and used it to extort the affected organizations.
Hudson Rock researchers also published a report repeating the threat actor's claims that they breached Snowflake's infrastructure by stealing a Snowflake employee's login credentials.
The blog post has since been deleted, but an archived version can be found here.
The threat actor also claimed that by breaching Snowflake's servers, they were able to grab data belonging to Santander Bank and Ticketmaster.
Santander previously confirmed that attackers had accessed one of its databases hosted by a third-party provider, but did not name Snowflake.
A Ticketmaster spokesperson subsequently told TechCrunch that the database was hosted on Snowflake.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Sat, 01 Jun 2024 20:43:14 +0000