Snowflake’s Data Breaches: A Growing Security Concern
Following a recent string of customer data thefts, Snowflake’s security issues are starting to become a major problem.
After Ticketmaster was the first to announce a data breach linked to Snowflake, loan comparison site LendingTree has now confirmed that its subsidiary, QuoteWizard, has also had data stolen from the cloud data company.
“We can confirm that we use Snowflake for our business operations, and that we were notified by them that our subsidiary, QuoteWizard, may have had data impacted by this incident,” said LendingTree spokesperson Megan Greuling.
“We take these matters seriously, and immediately launched an internal investigation upon hearing from Snowflake. At this time, it does not appear that consumer financial account information or information from parent company LendingTree was affected. We are continuing to investigate and will provide updates as necessary.”
As more affected customers come forward, Snowflake has remained relatively quiet. The company has issued a brief statement on its website, reiterating that the data breach was not on its own systems, but rather due to a lack of multi-factor authentication (MFA) on its customers’ accounts. Snowflake does not enforce or require MFA by default.
In a statement released on Friday, Snowflake reiterated its position, stating that the breach was a “targeted campaign directed at users with single-factor authentication” and that the stolen credentials were most likely obtained from malware or previous data breaches.
According to TechCrunch, hundreds of Snowflake customer credentials that were stolen from employees’ computers infected with password-stealing malware have been found online. This highlights the risks to customers who have not changed their passwords or enabled MFA on their accounts.
- The number of affected customers is still unknown.
- Snowflake has notified a limited number of customers but has declined to comment on the exact number.
- There is evidence of intrusions dating back to mid-April, suggesting that the scale of the breach may be larger than initially thought.
- Mandiant, the incident response firm assisting Snowflake, has been working with affected organizations for several weeks, according to Bleeping Computer.
Questions have also been raised about a former Snowflake employee’s “demo” account that was compromised due to the lack of MFA. Snowflake has said that the account did not contain sensitive data, but it is not clear if the account is linked to the recent customer data thefts.
Snowflake has advised its customers to reset their passwords and enable MFA, and the company has stated that it plans to require and enforce MFA in the future. However, there is no indication of when this will happen.
It is interesting to note that last year, 23andMe reset user passwords and required MFA after a data scraping incident that affected 6.9 million users. It remains unclear why Snowflake has not taken similar action to protect its customers’ accounts.
If you have any information about the Snowflake account intrusions, please reach out. You can contact the reporter via Signal and WhatsApp at +1 646-755-8849, or by email. SecureDrop can also be used to send files and documents.