Snowflake Attack Could Become One of the Biggest Data Breaches

Massive ‍Data Breach at Snowflake

Introduction

Snowflake, a cloud storage company, recently​ revealed a significant data breach where hackers attempted to access customer accounts using stolen login details. This incident‍ could become one of the largest data breaches ever.

Details of the ‍Breach

Last week, Snowflake disclosed that​ criminal hackers had been trying ‍to infiltrate its ‌customers’‌ accounts. The breach was first reported by Zero Byte, which based its investigation on over 22‌ million flight coordinates.

Impacted Companies

On BreachForums, a ⁣user named Sp1d3r ⁤claimed to have ​data from two more companies related to the Snowflake breach: Advance Auto​ Parts, with 380 ‍million customer details,‌ and LendingTree along with‍ its subsidiary QuoteWizard, with data ⁣linked to‍ 190 million people.

Verification of Data

Some email addresses of Advance Auto Parts staff and customers listed by ⁢the ‍hacker appear to be legitimate. Emails sent⁢ to these addresses by Zero Byte ⁢did not bounce back or get rejected.

Snowflake’s Response

Brad Jones,⁢ Snowflake’s chief information ⁣security officer, provided more ‌information about the ⁣incident. He noted ‍that the threat actor’s profile picture was taken from an article⁤ referencing the threat group Scattered Spider, though it’s​ unclear if this was an‌ intentional association.

“Interestingly, the ‍threat actor’s profile picture is taken from an article referencing the threat group Scattered Spider, although⁣ it is unclear whether this is to make an intentional association with⁤ the threat group.”

Interconnected Systems

The ‍breach highlights the interconnected nature of companies relying on third-party providers. Security researcher Tory Hunt commented on the difficulty of controlling the security posture of third ​parties.

“I think a ⁤lot of this is just‌ a recognition of how interdependent these services now are and how hard it is⁢ to ‍control the security posture of third parties.”

Preventive⁤ Measures

Snowflake has advised all customers to enforce ​multifactor authentication on all‌ accounts and restrict traffic to authorized users⁢ or locations. Impacted ​companies should also reset ‍their Snowflake login credentials. Enabling multifactor ⁣authentication vastly reduces the chances of online accounts being compromised.

Infostealing Malware

TechCrunch reported that it has‍ seen ​ hundreds of ⁢alleged Snowflake customer⁢ credentials taken ‌by infostealing malware ‍from​ computers of people who accessed Snowflake accounts.

Rise ⁣in⁤ Infostealer ⁣Malware

Since the Covid-19 pandemic, there has been a rise in the use of infostealer malware. ‌Ian Gray, vice president‌ of intelligence‍ at Flashpoint, noted that​ infostealers are in high⁤ demand and easy to⁤ create. Hackers often modify existing infostealers and ​sell them for as little as $10.

“Infostealers⁣ have become more popular because they’re in​ high⁤ demand and pretty easy to create.”

Targeted Information

Gray explained that‌ this malware targets sensitive information like browser data, credit cards, and crypto wallets. ​Hackers might use the logs to break into enterprise accounts ​without permission.

“This malware can ​be delivered​ in different ways and targets sensitive info like​ browser⁣ data (cookies and credentials), credit cards,⁤ and crypto wallets.‍ Hackers might ​comb through ⁤the logs for enterprise ⁤credentials to break into accounts without permission.”