Snowflake Security Breach

The Massive Snowflake Data Breach: One of the Largest in History

The Snowflake data breach that began in April 2024 is snowballing into one of the largest in history, impacting nearly 200 companies so far.

The Montana-based data warehousing platform revealed that hackers had been attempting to access its customers’ accounts using stolen login details. The breach is linked to attacks on numerous companies, with news first breaking in May that Ticketmaster and Santander Bank were among the victims. Since then the list of targeted companies has grown to include Neiman Marcus, Pure Storage, LendingTree, Advance Auto Parts, State Farm, Anheuser-Busch and others.

Since Snowflake’s announcement, cybercriminals have claimed to be selling stolen data from two other major firms, allegedly from Snowflake accounts. TechCrunch reported that hundreds of Snowflake customer passwords are available online.

Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts of data, such as customer data, in the cloud. 

Snowflake acknowledged “potentially unauthorized access” to a “limited number” of customer accounts but found no evidence of a direct breach of its own systems. Instead, it described the activity as a “targeted campaign” against users with single-factor authentication, using credentials obtained through infostealing malware.

Despite holding sensitive customer data, Snowflake lets customers manage their own security and does not require multi-factor authentication (MFA). This lack of enforced MFA allowed cybercriminals to access large amounts of data from some customers.

Snowflake admitted one of its “demo” accounts was compromised due to a lack of MFA but claimed it contained no sensitive data. It is unclear if this demo account is linked to the recent breaches.

In its advisory, Snowflake said it is “developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies.”
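The two controls named in the advisory map directly onto a check a customer can run today: find successful password-only logins (no second factor) and flag those coming from outside the networks the organisation would put in a network policy. The following is an added example, not code from Snowflake or from the article; it assumes the field names of Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view (USER_NAME, CLIENT_IP, FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR, IS_SUCCESS) and uses constructed sample events and allowlist ranges.

```python
"""Audit login events for the exposure behind the Snowflake campaign:
accounts that can be entered with a stolen password alone, from anywhere."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set


@dataclass
class LoginEvent:
    # Field names mirror LOGIN_HISTORY columns (assumption, see lead-in).
    user_name: str
    client_ip: str
    first_factor: str            # e.g. "PASSWORD", "RSA_KEYPAIR", "SAML2_ASSERTION"
    second_factor: Optional[str] # e.g. "DUO_PUSH"; None means no MFA was used
    is_success: bool


def is_allowed_ip(ip: str, allowed_networks: List[str]) -> bool:
    """True if the client IP falls inside one of the approved CIDR ranges."""
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in allowed_networks)


def password_only_users(events: List[LoginEvent]) -> Set[str]:
    """Users who successfully logged in with a password and no second factor.
    These are the accounts an infostealer credential would open; they are the
    first candidates for MFA enrolment."""
    return {e.user_name for e in events
            if e.is_success and e.first_factor == "PASSWORD" and e.second_factor is None}


def find_risky_logins(events: List[LoginEvent], allowed_networks: List[str]) -> List[LoginEvent]:
    """Successful password-only logins from outside the allowlist: neither of the
    advisory's controls (MFA or a network policy) would have stopped them."""
    return [e for e in events
            if e.is_success
            and e.first_factor == "PASSWORD"
            and e.second_factor is None
            and not is_allowed_ip(e.client_ip, allowed_networks)]


# Constructed sample data (RFC 5737 documentation address ranges, not real logs).
ALLOWED_NETWORKS = ["203.0.113.0/24", "198.51.100.0/24"]
SAMPLE_EVENTS = [
    LoginEvent("analyst1", "203.0.113.10", "PASSWORD", "DUO_PUSH", True),   # MFA used
    LoginEvent("analyst2", "192.0.2.77", "PASSWORD", None, True),           # password only, outside
    LoginEvent("etl_svc", "198.51.100.5", "RSA_KEYPAIR", None, True),       # key pair, not a password
    LoginEvent("analyst3", "192.0.2.80", "PASSWORD", None, False),          # failed attempt
    LoginEvent("analyst4", "203.0.113.22", "PASSWORD", None, True),         # password only, inside
]

if __name__ == "__main__":
    print("Needs MFA:", sorted(password_only_users(SAMPLE_EVENTS)))
    for e in find_risky_logins(SAMPLE_EVENTS, ALLOWED_NETWORKS):
        print("Unprotected login:", e.user_name, "from", e.client_ip)
```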

The threat actor “Whitewarlock” is behind the attack. They first appeared on the Russian dark web forum Exploit.in on May 23, the same day they posted data from the breach.

Whitewarlock’s activities and reputation are unclear, with no prior history. Their sudden appearance and specific demands suggest an opportunistic attack rather than a coordinated campaign.

According to a May survey by The Wall Street Journal, 90% of companies reported increased cybersecurity risks in the past year. Nearly all mid-sized businesses, with revenues between $50 million and $1 billion, felt cyber threats had risen.

The Snowflake data breaches spotlight the importance of enforcing MFA, alongside regular security audits and employee training, as well as using identity theft protection software such as Enfortra.