Mandiant says hackers stole a ‘significant volume of data’ from Snowflake customers

Security researchers say they believe financially motivated cybercriminals have stolen a “significant volume of data” from hundreds of customers hosting their vast banks of data with cloud storage giant Snowflake.

Incident response firm Mandiant, which is working with Snowflake to investigate the recent spate of data thefts, said in a blog post Monday that the two firms have notified about 165 customers that their data may have been stolen.

It’s the first time that the number of impacted Snowflake customers has been disclosed since the account hacks began in April. Snowflake has said little to date about the attacks, only that a “limited number” of its customers are impacted. The cloud data giant has more than 9,800 corporate customers, like healthcare organizations, retail giants and some of the world’s largest tech companies, which use Snowflake for data analytics.

So far, only Ticketmaster and LendingTree have confirmed data thefts where their stolen data was hosted on Snowflake. Several other Snowflake customers say they are currently investigating possible data thefts from their Snowflake environments.

Mandiant said the threat campaign is “ongoing,” suggesting the number of Snowflake corporate customers reporting data thefts may rise.

In its blog post, Mandiant attributed the account hacks to UNC5537, an as-yet-unclassified cybercriminal gang that the security firm says is motivated by making money. The gang, which Mandiant says includes members in North America and at least one member in Turkey, attempts to extort its victims into paying to get their files back or to prevent the public release of their customers’ data.

Mandiant confirmed the attacks — which rely on the use of “stolen credentials to access the customer’s Snowflake instance and ultimately exfiltrate valuable data” — date back to at least April 14, when its researchers first identified evidence of improper access to an unnamed Snowflake customer’s environment. Mandiant said it notified Snowflake to its customer account intrusions on May 22.

The security firm said the majority of stolen credentials used by UNC5537 were “available from historical infostealer infections,” with some dating as far back as 2020. Mandiant’s findings confirm Snowflake’s limited disclosure, which said there wasn’t a direct breach of Snowflake’s own systems but blamed its customer accounts for not using multi-factor authentication (MFA).

Last week, TechCrunch found circulating online hundreds of Snowflake customer credentials stolen by malware that infected the devices of staffers who have access to their employer’s Snowflake environment. The number of credentials available online linked to Snowflake environments suggests an ongoing risk to customers who have not yet changed their passwords or enabled MFA.

Mandiant said it has also seen “hundreds of customer Snowflake credentials exposed via infostealers.”

For its part, Snowflake does not require its customers to use the security feature by default, nor does it enforce its use. In a brief update on Friday, Snowflake said it’s “developing a plan” to enforce the use of MFA on its customers’ accounts, but has not yet provided a timeline.

Snowflake spokesperson Danica Stanczak declined to say why the company hasn’t reset customer passwords or enforced MFA. Snowflake did not immediately comment on Mandiant’s blog post Monday.

Do you know more about the Snowflake account intrusions? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.