Snowflake Data Breaches on the Rise: Major Companies Among Victims (Help Net Security)

Snowflake Data Breaches on the Rise: Major Companies Among Victims

Monday, June 10th, 2024 Insurance Industry Risk Management Technology

Snowflake, a prominent cloud data storage and analytics company, is facing scrutiny as data breaches involving its customers continue to rise. Recent victims include LendingTree subsidiary QuoteWizard and automotive parts provider Advance Auto Parts. Snowflake’s ongoing investigation reveals that attackers accessed accounts protected by single-factor authentication, using credentials obtained through infostealing malware.

The breaches, which began in April 2024, have affected a "limited" number of Snowflake’s 9,800+ global customers. Confirmed victims include Santander Group, Live Nation Entertainment subsidiary TicketMaster, and potentially LendingTree’s QuoteWizard. Additionally, Tech Crunch identified over 500 login credentials for Snowflake environments on a website frequented by attackers.

In response, Snowflake CISO Brad Jones emphasized that the breaches were not due to platform vulnerabilities but rather compromised credentials from customer accounts lacking multi-factor authentication (MFA). Snowflake plans to mandate advanced security controls, including MFA, for privileged accounts to enhance security.

Security firm Mandiant, assisting in the investigation, confirmed no breach of Snowflake’s enterprise environment. They notified 165 potentially exposed organizations, attributing the compromised credentials to historical infostealer infections. Mandiant highlighted that many affected accounts did not rotate credentials or use network allow lists, further exposing them to threats.


Claims Pages Staff Writers are dedicated professionals covering a broad spectrum of insurance topics, including auto, catastrophe, education & training, fraud, legislation, liability, life & health, litigation, property, risk management, technology, underwriting, and workers' compensation. With over 25 years of distribution, our publication brings you accurate and timely information to keep you informed and ahead in the claims industry.


External References & Further Reading
https://www.helpnetsecurity.com/2024/06/10/snowflake-customer-data-breaches/

Mid-America Catastrophe ServicesMid-America Catastrophe ServicesNationwide OversprayWeller Salvage

  Recent Provider Listings

Serving the US
National Adjusters Emergency Disaster Response Services Third Party Administrators Tpa
Serving Contra Costa County
California Fire & Water Damage Restoration
Serving Florida Statewide
Florida Roofing Contractors