Snowflake denies breach, blames data theft on poorly secured customer accounts

Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials.
On Friday, the company confirmed that some customers accounts have been accessed by attackers who used previously compromised credentials.
They notified the affected customers, shared indicators of compromise and offered recommendations to assist them in securing their accounts.
Mitiga researchers' post on how Snowflake customers can perform threat hunting has provided more details about the attacks: the attackers breached accounts that did not have 2-factor authentication switched on, grabbed the cloud-stored data and used it to extort the affected organizations.
Hudson Rock researchers also published a report repeating the threat actor's claims that they breached Snowflake's infrastructure by stealing a Snowflake employee's login credentials.
The blog post has since been deleted, but an archived version can be found here.
The threat actor also claimed that by breaching Snowflake's servers, they were able to grab data belonging to Santander Bank and Ticketmaster.
Santander previously confirmed that attackers have accessed one of its databased hosted by a third-party provider, but did not name Snowflake.
A Ticketmaster spokesperson subsequently told TechCrunch that the database was hosted on Snowflake.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Sat, 01 Jun 2024 20:43:14 +0000


Cyber News related to Snowflake denies breach, blames data theft on poorly secured customer accounts

Snowflake at centre of world's largest data breach - Cloud AI Data platform Snowflake are having a bad month. Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers. Additionally incidents are running at multiple other ...
1 week ago Doublepulsar.com
Ticketmaster confirms massive breach after stolen data for sale online - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
1 week ago Bleepingcomputer.com
Live Nation finally confirms massive Ticketmaster data breach - Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. While the breach has allegedly exposed the data of over 560 million ...
1 week ago Bleepingcomputer.com
Snowflake denies breach, blames data theft on poorly secured customer accounts - Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. On Friday, the company confirmed that some ...
1 week ago Helpnetsecurity.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
5 months ago Securityboulevard.com
31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
5 months ago Pandasecurity.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
4 months ago Securityzap.com
Adobe Real-Time CDP: Personalized Customer Experience - Adobe Experience Cloud Products like Adobe Real-Time CDP are available to assist. A revolutionary solution called Adobe Real-Time Customer Data Platform was created to assist companies in realizing the whole value of their customer data. Adobe ...
5 months ago Hackread.com
E-commerce Security: Protecting Customer Data - In today's digital landscape, ensuring the security of customer data in e-commerce is a crucial concern for businesses. Protecting e-commerce data security is a complex task that requires a comprehensive understanding of the challenges faced by ...
4 months ago Securityzap.com
Okta: Breach Affected All Customer Support Users - When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of ...
6 months ago Krebsonsecurity.com
T-Mobile Admits to 37 Million Customer Records Stolen by ‘Bad Actor’ - In a shocking news, T-Mobile has admitted that 37 million customer records were stolen by a ‘bad actor’. This data breach happened sometime in the year 2020, when the mobile service provider suffered a data breach exposing personal information ...
1 year ago Nakedsecurity.sophos.com
23andMe Faces Legal Backlash Over Data Breach and Blames Victims - Facing a deluge of more than 30 lawsuits from individuals impacted by a substantial data breach, genomics company 23andMe has taken a defensive stance by placing responsibility on the victims themselves. The breach came to light in October when ...
5 months ago Cysecurity.news
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
5 months ago Securityboulevard.com
The Rise of Digital Customer Experience - Digital customer experience is a hot topic these days. In all seriousness, digital customer experience is one of the most important differentiators for your business. At its core, DCX is about the customer journey-a guided path for your customers to ...
6 months ago Feedpress.me
The Latest Identity Theft Methods: Essential Protection Strategies Revealed - Identity theft has evolved far beyond the days of stolen mail and dumpster diving. Today's identity thieves employ sophisticated techniques, including account takeovers and government benefit fraud, making it essential for you to stay vigilant to ...
4 months ago Hackread.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
6 months ago Bleepingcomputer.com
Mint Mobile discloses new data breach exposing customer data - Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator owned by T-Mobile, offering budget, pre-paid ...
5 months ago Bleepingcomputer.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
1 year ago Securityaffairs.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
2 months ago Securityboulevard.com
The Irrefutable Case for Customer-Native DSPM - The counterpoint to these awful statistics is the emergence of data security posture management, which involves the continuous assessment, monitoring, and enhancement of an organization's data security. While some DSPM providers advocate traditional ...
2 months ago Securityboulevard.com
City of Philadelphia discloses data breach after five months - The City of Philadelphia is investigating a data breach after attackers "May have gained access" to City email accounts containing personal and protected health information five months ago, in May. While officials discovered the incident on May 24 ...
6 months ago Bleepingcomputer.com
Unmasking Identity Theft: Detection and Mitigation Strategies - In an increasingly digital world, the threat of identity theft looms large, making it imperative for individuals to be proactive in detecting potential breaches and implementing effective mitigation measures. This article delves into key strategies ...
5 months ago Cybersecurity-insiders.com
Akumin Files Notice of Data Breach with the Securities and Exchange Commission - On October 16, 2023, Akumin Inc. filed a notice of data breach with the Securities and Exchange Commission after discovering that it had been the recent victim of a ransomware attack. In this notice, Akumin explains that the incident resulted in an ...
6 months ago Jdsupra.com
Security Breach at LastPass: Customer Data Taken - A recent security breach has exposed customer data from LastPass, a password manager. LastPass has confirmed that a third party was able to access some of the data, including users’ email addresses, hashed passwords, and other account and profile ...
1 year ago Hackread.com
23andMe failed to detect mega-breach attackers for 5 months The Register - Biotech and DNA-collection biz 23andMe, the one that blamed its own customers for the October mega-breach, just admitted it failed to detect any malicious activity for the entire five months attackers were breaking into user accounts. In a collection ...
4 months ago Go.theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)