It’s the first time that the number of affected Snowflake customers has been disclosed since the account hacks began in April.
So far, only Ticketmaster and LendingTree have confirmed thefts of their data that was hosted on Snowflake.
Several other Snowflake customers say they are currently investigating possible data thefts from their Snowflake environments.
Mandiant said the threat campaign is “ongoing,” suggesting the number of Snowflake corporate customers reporting data thefts may rise.
Last week, TechCrunch found circulating online hundreds of Snowflake customer credentials stolen by malware that infected the computers of staffers who have access to their employer’s Snowflake environment.
Last week, Australian authorities sounded the alarm saying they had become aware of “successful compromises of several companies utilising Snowflake environments,” without naming the companies.
TechCrunch has this week seen hundreds of alleged Snowflake customer credentials that are available online for cybercriminals to use as part of hacking campaigns, suggesting that the risk of Snowflake customer account compromises may be far wider than first known.
When we checked the web addresses of the Snowflake environments — often made up of random letters and numbers — we found the listed Snowflake customer login pages are publicly accessible, even if not searchable online.
In our checks, we found that these Snowflake login pages redirected to Live Nation (for Ticketmaster) and Santander sign-in pages.
There is some evidence to suggest that several employees with access to their company’s Snowflake environments had their computers previously compromised by infostealing malware.
U.S. cybersecurity agency CISA is warning Sisense customers to reset their credentials and secrets after the data analytics company reported a security incident.
CISA said it urges Sisense customers to “reset credentials and secrets potentially exposed to, or used to access, Sisense services” and to report any suspicious activity involving the use of compromised credentials to the agency.
Founded in 2004, Sisense develops business intelligence and data analytics software for big companies, including telcos, airlines and tech giants.
Companies like Sisense rely on using credentials, such as passwords and private keys, to access a customer’s various stores of data for analysis.
With access to these credentials, an attacker could potentially also access a customer’s data.
Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned.
Somehow, the hackers are getting malware on the victims’ computers and then stealing passwords for their gaming accounts and crypto wallets, among others, according to sources.
Zeebler described the effort as an “infostealer malware campaign,” in which malware designed as legitimate-looking software, unknowingly installed by the victim, surreptitiously steals their usernames and passwords.
Zeebler told TechCrunch that he found out about the hacking campaign when a PhantomOverlay customer had their account for the cheat software stolen.
After that, Zeebler said he contacted Activision Blizzard as well as other cheat makers, whose users appear to be affected.