
Snowflake, a prominent cloud data storage and analytics company, is facing scrutiny as data breaches involving its customers continue to rise. Recent victims include LendingTree subsidiary QuoteWizard and automotive parts provider Advance Auto Parts. Snowflake’s ongoing investigation reveals that attackers accessed accounts protected by single-factor authentication, using credentials obtained through infostealing malware.
The breaches, which began in April 2024, have affected a "limited" number of Snowflake’s 9,800+ global customers. Confirmed victims include Santander Group, Live Nation Entertainment subsidiary TicketMaster, and potentially LendingTree’s QuoteWizard. Additionally, TechCrunch identified over 500 login credentials for Snowflake environments on a website frequented by attackers.
In response, Snowflake CISO Brad Jones emphasized that the breaches were not due to platform vulnerabilities but rather to compromised credentials from customer accounts lacking multi-factor authentication (MFA). Snowflake plans to mandate advanced security controls, including MFA, for privileged accounts.
Security firm Mandiant, assisting in the investigation, confirmed no breach of Snowflake’s enterprise environment. They notified 165 potentially exposed organizations, attributing the compromised credentials to historical infostealer infections. Mandiant highlighted that many affected accounts did not rotate credentials or use network allow lists, further exposing them to threats.
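
The three gaps Mandiant named (password logins without MFA, unrotated credentials, no network allow list) can be checked against a user inventory. The sketch below is an added example, not code from Snowflake or Mandiant; the record fields, the sample users and the 90-day rotation threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; field names are hypothetical, not a Snowflake schema.
NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)
USERS = [
    {"name": "ANALYST_1", "has_password": True, "mfa_enrolled": False,
     "password_set": datetime(2021, 3, 2, tzinfo=timezone.utc),
     "disabled": False, "network_policy": None},
    {"name": "ADMIN_1", "has_password": True, "mfa_enrolled": True,
     "password_set": datetime(2024, 5, 20, tzinfo=timezone.utc),
     "disabled": False, "network_policy": "CORP_ONLY"},
    # Service account using key-pair auth: no password to steal or rotate.
    {"name": "ETL_SVC", "has_password": False, "mfa_enrolled": False,
     "password_set": None, "disabled": False, "network_policy": None},
    {"name": "OLD_CONTRACTOR", "has_password": True, "mfa_enrolled": False,
     "password_set": datetime(2020, 1, 10, tzinfo=timezone.utc),
     "disabled": True, "network_policy": None},
]


def audit_users(users, now, max_password_age_days=90, account_network_policy=None):
    """Return {user: [gaps]} for enabled users with at least one control gap."""
    max_age = timedelta(days=max_password_age_days)  # assumed rotation window
    findings = {}
    for u in users:
        if u["disabled"]:
            continue  # a disabled user cannot log in, so nothing is exposed
        gaps = []
        if u["has_password"]:
            if not u["mfa_enrolled"]:
                gaps.append("single-factor password login")
            # A password older than the window may predate an infostealer infection.
            if u["password_set"] is None or now - u["password_set"] > max_age:
                gaps.append("password not rotated")
        # A user-level policy or an account-wide policy both restrict source IPs.
        if not (u["network_policy"] or account_network_policy):
            gaps.append("no network allow list")
        if gaps:
            findings[u["name"]] = gaps
    return findings


if __name__ == "__main__":
    for name, gaps in audit_users(USERS, NOW).items():
        print(f"{name}: {', '.join(gaps)}")
```

Accounts that show all three gaps at once match the profile Mandiant described and are the ones to remediate first.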