Ticketmaster Data Breach: Snowflake Incident One of 165 Security Breaches

By Trend News Line | June 11, 2024, 14:57:56

Security Breach Hits Snowflake Cloud Storage Customers

A recent security breach has left hundreds of Snowflake cloud storage customers reeling after a significant volume of data was stolen via compromised login credentials. The incident has been linked to massive data breaches at Ticketmaster and Santander Bank, raising concerns about the vulnerability of sensitive information stored in the cloud.


Mandiant Investigates Data Theft

Mandiant, a security firm working alongside Snowflake to investigate the data theft, announced that they had tracked the activity to a financially motivated threat actor known as UNC5537. The two companies have notified at least 165 Snowflake customer organizations that may have been compromised since the threat activity was discovered in April. Despite the ongoing investigation, Mandiant has not found any evidence to suggest that Snowflake’s enterprise environment was breached.

Link to Recent Data Breaches

The data breaches at Ticketmaster, Santander Bank, and QuoteWizard have all been linked to Snowflake cloud storage accounts used by the companies. Official details about how the accounts were compromised have been scarce until now, with Snowflake previously stating that the platform itself was not at fault. However, Mandiant’s investigation has revealed a more sinister picture of systematic compromises carried out by the UNC5537 group.

UNC5537 Group Targets Snowflake Customers

Mandiant’s investigation has uncovered that the UNC5537 group has been systematically compromising Snowflake customers using stolen login credentials obtained through historical infostealer malware infections on non-Snowflake-owned systems. Some of these credentials date back to 2020 and have enabled UNC5537 to steal data from Snowflake customer instances, with the intention of selling it on cybercriminal forums and extorting the victims.

Poor Security Practices Amplify Compromises

Mandiant has highlighted that the UNC5537 campaign succeeded because of poor security practices on the impacted accounts. Many victims never rotated the stolen login credentials, and did not use multi-factor authentication (MFA) or network allow lists. This lack of security measures has allowed UNC5537 to continue targeting Snowflake customers, with the list of victims expected to grow in the near future as the group targets additional platforms.
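The three gaps named above (unrotated credentials, no MFA, no network allow list) can be checked per account from a user inventory. The following is an added example, not code from Mandiant, Snowflake or the original article; the record field names, the sample accounts and the 90-day rotation threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory. Field names are hypothetical, not a Snowflake schema.
NOW = datetime(2024, 6, 11, tzinfo=timezone.utc)
USERS = [
    {"name": "etl_svc", "has_password": True, "mfa_enrolled": False,
     "password_last_set": "2020-11-02", "network_policy": None, "disabled": False},
    {"name": "analyst1", "has_password": True, "mfa_enrolled": True,
     "password_last_set": "2024-05-20", "network_policy": "corp_egress", "disabled": False},
    {"name": "old_contractor", "has_password": True, "mfa_enrolled": False,
     "password_last_set": "2021-03-15", "network_policy": None, "disabled": True},
    {"name": "ci_keypair", "has_password": False, "mfa_enrolled": False,
     "password_last_set": None, "network_policy": None, "disabled": False},
]

def audit_user(user, now=NOW, max_password_age_days=90):
    """Return the list of findings for one account (empty list means clean)."""
    findings = []
    if user["disabled"]:
        return findings  # disabled accounts cannot log in, so skip them
    if user["has_password"]:
        # A password alone is exactly what an infostealer log hands over.
        if not user["mfa_enrolled"]:
            findings.append("password login without MFA")
        last_set = user["password_last_set"]
        if last_set is None:
            findings.append("password age unknown")
        else:
            age = now - datetime.fromisoformat(last_set).replace(tzinfo=timezone.utc)
            if age > timedelta(days=max_password_age_days):
                findings.append(f"password not rotated for {age.days} days")
    # Without an allow list, a valid credential works from any source address.
    if not user["network_policy"]:
        findings.append("no network allow list")
    return findings

def audit(users, **kwargs):
    """Map account name -> findings, accounts with the most findings first."""
    flagged = {u["name"]: f for u in users if (f := audit_user(u, **kwargs))}
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    for name, findings in audit(USERS).items():
        print(f"{name}: " + "; ".join(findings))
```

On the sample data, the service account with a 2020 password, no MFA and no allow list ranks first, which is the combination the report describes.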


In conclusion, the security breach affecting Snowflake cloud storage customers has brought to light the importance of robust security measures in protecting sensitive data stored in the cloud. As the investigation continues, it is crucial for organizations to review and enhance their security protocols to prevent future breaches and safeguard their valuable information.
