News Hub

More than 160 Snowflake clients breached by cyber criminals

Written by Thu 13 Jun 2024

A report from cybersecurity firm, Mandiant, has identified 165 potential victims of the hacking firm UNC5537, where a significant volume of data has been stolen from Snowflake users.

The criminals believed to have used compromised login information to gain access to the data warehousing platform.

A number of recent high-profile cybesecurity breaches are being linked to this incident, including attacks on Ticketmaster and Santander Bank.

In a blog post, the Google-owned firm said Mandiant tracks this cluster of activity as UNC5537.

“UNC5537 is systematically compromising Snowflake customer instances using stolen customer credentials, advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims,” said the blog post.

As a direct result of weak security practices, where stolen login details were not updated or multi-factor authentication was not implemented, it is now believed a number of these compromised credentials date back almost four years. Cyber criminals from UNC5537 then stole data and tried to sell it on online forums.

After a joint investigation by Snowflake and Mandiant, evidence of illegal access to Snowflake customer instances started from 14 April, followed by advertisements on 24 May of Snowflake customer data for sale online by cybercriminals.

Snowflake Alerts Potential Victims

As soon as Mandiant uncovered evidence finding that a major plan specifically targeting Snowflake customers, Snowflake contacted suspected victims through its Victim Notification Program.

The US Cybersecurity and Infrastructure Security Agency (CISA) also sent out an alert warning cybercriminals are actively targeting Snowflake and to monitor for any suspicious activity.

“We continue to work closely with our customers as they harden their security measures to reduce cyber threats to their businesses, and we are developing a plan to require our customers to implement advanced security controls, like multi-factor authentication (MFA) or network policies,” said Snowflake.

Join Tech Show Paris

27-28 November 2024, Porte de Versailles, Paris

Be a part of the latest tech conversations and discover pioneering innovations in Paris.

Don’t miss one of the most exciting technology events of the year for France.

Written by Thu 13 Jun 2024

Send us a correction Send us a news tip