The number of Snowflake customers affected by a data breach is growing, but the cause still seems to lie outside of Snowflake itself.
The American company LendingTree has announced that data from its subsidiary QuoteWizard has fallen into the hands of hackers. They allegedly obtained the data through QuoteWizard’s Snowflake account. Previously, it had come to light that TicketMaster, like the Spanish bank Santander, had terabytes of data leaked. Snowflake is the common thread every time.
Initially, security firm HudsonRock pointed the finger at Snowflake itself, but those accusations have since been retracted after Snowflake received a clear response backed by security specialists CrowdStrike and Mandiant. Snowflake insists that no vulnerability or negligence in its own systems was exploited.
Searching for compromised accounts
However, hackers are apparently actively looking for poorly secured customer accounts. Specifically, these are accounts where no form of MFA has been activated. Snowflake does not require MFA for its users. Through this targeted campaign, hackers are said to have gained access to various accounts belonging to Snowflake customers.
A demo account from Snowflake itself was also compromised, but according to the company, this account did not have access to production environments, so there was no impact on the security of Snowflake’s broader data cloud.
Artin Avanes, Director of Product Management at Snowflake, told ITdaily during the Snowflake Summit last week that Snowflake has implemented strict management rules and controls to prevent an internal Snowflake account from easily gaining access to customer data. To be clear, contrary to HudsonRock’s previous claims, this has not happened. He goes on to say that customers have full control over the encryption of their data.
Responsible for MFA
The cause of the leaks therefore seems almost certainly to be poorly secured accounts of Snowflake customers themselves. Nevertheless, it is striking that Snowflake hardly takes any responsibility, apart from a general warning about the importance of MFA and subsequent contact with affected customers.
Systems to proactively detect mass exfiltration of customer data, mandatory MFA or other mechanisms that can minimize the impact of a customer error do not seem to exist at present. Strictly speaking, this is not necessary, even if the current situation does not reflect well on Snowflake itself. On the other hand, a large part of the responsibility lies with the affected customers themselves if they have indeed used Snowflake accounts with access to sensitive data without any form of MFA.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.