Snowflake to Close Probe Into Cyberattack Targeting Customers


Snowflake Inc. plans to close its own investigation this week into a hacking campaign that ensnared as many as 165 of its customers.

The cloud data and analytics company hasn’t detected any unauthorized access to customer accounts since early last week, Chief Information Security Officer Brad Jones said in an interview with Bloomberg News. The company said on June 2 that hackers had launched a “targeted campaign” directed against Snowflake users that used single-factor authentication methods.

The full scope of the data theft among Snowflake customers remains unclear. Cyber firm Mandiant, a unit of Google Cloud that’s helping Snowflake investigate the incident, said Monday that it had informed 165 “potentially exposed organizations” about their possible vulnerability. Only a handful of customers such as Live Nation Entertainment Inc., Pure Storage Inc. and Advance Auto Parts so far have suggested that they experienced Snowflake-related issues.

Hackers used stolen credentials that were available in places like cybercriminal forums to access customer accounts, which lacked security measures such as multifactor authentication, Jones said. The attackers didn’t access a file of Snowflake logins, but rather used stolen usernames and passwords to infiltrate the accounts, assuming that people reuse their credentials, he said.

Snowflake doesn’t have visibility into how much customer data was stolen, Jones said. The company has been working with law enforcement, in addition to Mandiant and CrowdStrike Holdings Inc., to look into the matter.

Jones said the hacking campaign underscores that many threats are preventable. “We have a broader problem in the security community and enterprises that a lot of people aren’t nailing the fundamentals,” he said in a reference to multifactor authentication.

Snowflake became aware of the hacking effort on May 22, Jones said. The company blocked IP addresses linked to the hackers, working with commercial virtual private network vendors to do so, he added. Mandiant’s investigation began in April 2024 when it learned about leaked database records that the cyber firm later determined originated from a Snowflake customer account.

If customers did not take action to secure potentially impacted accounts, Jones said, Snowflake locked those accounts to prevent further unauthorized access.

The company plans to release tools later this month that help customers accelerate adoption of security measures such as multifactor authentication, which requires someone to verify their identity in two or more ways before gaining access to their account.

Snowflake charges customers based on how much they use the product, also known as consumption. This includes when they remove data from the system. Jones said that “no significant consumption” occurred as a result of hackers gaining unauthorized access to customer accounts.

“It’s not like they were doing heavy computation on the data, just retrieving it,” Jones said when explaining why the hackers didn’t cause any significant additional Snowflake costs for customers.

Last week, Ticketmaster owner Live Nation said it had discovered “unauthorized activity” on a third-party cloud database. A person familiar with the situation said the account was hosted on Snowflake. Advance Auto Parts also said it was investigating reports that it was involved in a “security incident related to Snowflake.”

Snowflake declined to comment on any specific customers.

Mandiant determined that a hacking group called “UNC5537” was responsible for the attacks and that the group hadn’t used “novel or sophisticated tools” to carry out the hack. Instead, the report said the hackers exploited the “large lists of stolen credentials” that “exist both for free and for purchase” on the dark web. Most suspected members of the group are based in North America, researchers said.

Photographer: Chris Ratcliffe/Bloomberg

Copyright 2024 Bloomberg.
