Last week, Australian authorities sounded the alarm saying they had become aware of “successful compromises of several companies utilising Snowflake environments,” without naming the companies.
TechCrunch has this week seen hundreds of alleged Snowflake customer credentials that are available online for cybercriminals to use as part of hacking campaigns, suggesting that the risk of Snowflake customer account compromises may be far wider than first known.
When we checked the web addresses of the Snowflake environments — often made up of random letters and numbers — we found the listed Snowflake customer login pages are publicly accessible, even if not searchable online.
In our checks, we found that these Snowflake login pages redirected to Live Nation (for Ticketmaster) and Santander sign-in pages.
There is some evidence to suggest that several employees with access to their company’s Snowflake environments had their computers previously compromised by infostealing malware.
X, formerly Twitter, is rolling out support for passkeys, a new and more secure login method compared with traditional passwords, to all iOS users globally.
In an update to the X @Safety account on Monday, the company shared that passkeys are now available as a login option for global iOS users.
Update: Passkeys is now available as a login option for everyone globally on iOS! Try it out. https://t.co/v1LyN0l8wF — Safety (@Safety) April 8, 2024
Passkey technology was initiated by Google, Apple, Microsoft, and the FIDO Alliance, alongside the World Wide Web Consortium.
Donald Trump Jr.’s X account was also hacked to post a fake message saying that Donald Trump had passed away.
The feature, spotted first by the TGInfoEn Telegram channel (via reverse engineer AssembleDebug), is rolling out in select countries for Telegram for Android users.
If you agree to let Telegram use your number as an OTP relay, the company will send you a transferable code for Telegram Premium.
The terms of service for this peer-to-peer login program note that the company will send a maximum of 150 OTP messages per month.
From a monetary perspective, you might end up paying more through your phone bill than the value of Telegram’s premium membership.
However, users opting into the peer-to-peer login system have to consider whether giving out their phone number to strangers to save a few bucks is worth the hassle.
Stashpad, a developer-focused “DM to yourself”-styled notebook app, is now pivoting to a docs app that you can use without logging in.
The company will still maintain its original notes app and call it “Stashpad Lists.”
Stashpad Docs is the company’s new offering that doesn’t require any login and supports Markdown formatting.
The product is browser first and document history is stored locally, so users can search for docs without querying the server.
They might do so even without fully acknowledging that Google Docs remains a big part of their workflow.”
With this new product, Stashpad aims to attract both technical and non-technical users.
Plus, it sees a venture-sized opportunity for the docs product.
X, formerly Twitter, today announced support for passkeys, a new and more secure login method than traditional passwords, which will become an option for U.S. users on iOS devices.
Today we’re excited to launch Passkeys as a login option for our US-based users on iOS!
For instance, this January, the U.S. Securities and Exchange’s X account was hacked to share an unauthorized post regarding Bitcoin ETF approval.
In the days since Musk’s takeover of Twitter/X, the company removed another security measure that helped keep accounts secure when it announced last year that it would no longer support SMS 2FA for non-paying accounts.
However, the reality was that removing the security protection made Twitter less secure, as a result.
In light of Twitter’s new API pricing, some developers are concerned that the site is not being clear about how its new rules will be enforced. This comes after seeing…