Another Snowflake customer, LendingTree, confirms a data breach. Snowflake says its position “remains unchanged.”
Snowflake’s security problems following a recent spate of customer data thefts are, for want of a better word, snowballing.
Ticketmaster was the first company to link its recent data breach to the cloud data company Snowflake, and loan comparison site LendingTree has now confirmed its QuoteWizard subsidiary had data stolen from Snowflake.
“We can confirm that we use Snowflake for our business operations, and that we were notified by them that our subsidiary, QuoteWizard, may have had data impacted by this incident,” Megan Greuling, a spokesperson for LendingTree, told TechCrunch.
“We take these matters seriously, and immediately after hearing from [Snowflake] launched an internal investigation,” Greuling said. “As of this time, it does not appear that consumer financial account information was impacted, nor information of the parent entity, LendingTree.”
Greuling declined to comment further, citing the company’s ongoing investigation.
As more affected customers come forward, Snowflake has said little beyond a brief statement on its website reiterating that there wasn’t a data breach of its own systems. Instead, it says customers were not using multifactor authentication, or MFA — a security measure that Snowflake doesn’t enforce or require its customers to enable by default. Snowflake was itself caught out by the incident, saying a former employee’s “demo” account was compromised because it was only protected with a username and password.
In a statement Friday, Snowflake said its position “remains unchanged.” It cited an earlier statement in which Snowflake’s chief information security officer, Brad Jones, said this was a “targeted campaign directed at users with single-factor authentication” and using credentials stolen from info-stealing malware or obtained from previous data breaches.
The lack of MFA seems to be how cybercriminals downloaded huge amounts of data from Snowflake customers’ environments, which weren’t protected by the additional security layer.
TechCrunch earlier this week found online hundreds of Snowflake customer credentials stolen by password-stealing malware that infected the computers of employees who have access to their employer’s Snowflake environment. The number of credentials suggests there remains a risk to Snowflake customers who have yet to change their passwords or enable MFA.
Throughout the week, TechCrunch has sent more than a dozen questions to Snowflake about the ongoing incident affecting its customers as we continue to report on the story. Snowflake declined to answer our questions on at least six occasions.
These are some of the questions we’re asking, and why.
Snowflake said it has so far notified a “limited number of Snowflake customers” who the company believes may have been affected. On its website, Snowflake says it has more than 9,800 customers, including tech companies, telcos, and healthcare providers.
Snowflake spokesperson Danica Stanczak declined to say if the number of affected customers was in the tens, dozens, hundreds, or more.
It’s likely that, despite the handful of reported customer breaches this week, we are only in the early days of understanding the scale of this incident.
It may not be clear even to Snowflake how many of its customers are yet affected, since the company will either have to rely on its own data, such as logs, or find out directly from an affected customer.
It’s not known how soon Snowflake could have known about the intrusions into its customers’ accounts. Snowflake’s statement said it became aware on May 23 of the “threat activity” — the accessing of customer accounts and downloading their contents — but later found evidence of intrusions dating back to a no-more-specific timeframe than mid-April, suggesting the company does have some data to rely on.
But that also leaves open the question why Snowflake did not detect at the time the exfiltration of large amounts of customers’ data from its servers until much later in May, or if it did, why Snowflake didn’t publicly alert its customers sooner.
Incident response firm Mandiant, which Snowflake called in to help with outreach to its customers, told Bleeping Computer at the end of May that the firm had already been helping affected organizations for “several weeks.”
A key line from Snowflake’s statement says: “We did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data.”
Some of the stolen customer credentials linked to info-stealing malware include those belonging to a then-Snowflake employee, according to a review by TechCrunch.
As we previously noted, TechCrunch is not naming the employee, as it’s not clear they did anything wrong. The fact that Snowflake was caught out by its own lack of MFA enforcement allowing cybercriminals to download data from a then-employee’s “demo” account using only their username and password highlights a fundamental problem in Snowflake’s security model.
But it remains unclear what role, if any, that this demo account has on the customer data thefts because it’s not yet known what data was stored within, or if it contained data from Snowflake’s other customers.
Snowflake declined to say what role, if any, the then-Snowflake employee’s demo account has on the recent customer breaches. Snowflake reiterated that the demo account “did not contain sensitive data,” but repeatedly declined to say how the company defines what it considers “sensitive data.”
We asked if Snowflake believes that individuals’ personally identifiable information is sensitive data. Snowflake declined to comment.
It’s not unusual for companies to force-reset their customers’ passwords following a data breach. But if you ask Snowflake, there has been no breach. And while that may be true in the sense that there has been no apparent compromise of its central infrastructure, Snowflake’s customers are very much getting breached.
Snowflake’s advice to its customers is to reset and rotate Snowflake credentials and enforce MFA on all accounts. Snowflake previously told TechCrunch that its customers are on the hook for their own security: “Under Snowflake’s shared responsibility model, customers are responsible for enforcing MFA with their users.”
But since these Snowflake customer data thefts are linked to the use of stolen usernames and passwords of accounts that aren’t protected with MFA, it’s unusual that Snowflake has not intervened on behalf of its customers to protect their accounts with password resets or enforced MFA.
It’s not unprecedented. Last year, cybercriminals scraped 6.9 million user and genetic records from 23andMe accounts that weren’t protected with MFA. 23andMe reset user passwords out of caution to prevent further scraping attacks, and subsequently required the use of MFA on all of its users’ accounts.
We asked Snowflake if the company plans to reset the passwords of its customers’ accounts to prevent any possible further intrusions. Snowflake declined to comment.
Snowflake appears to be moving toward rolling out MFA by default, according to tech news site Runtime, citing Snowflake CEO Sridhar Ramaswamy in an interview this week. This was later confirmed by Snowflake’s CISO Jones in the Friday update.
“We are also developing a plan to require our customers to implement advanced security controls, like multifactor authentication (MFA) or network policies, particularly for privileged Snowflake customer accounts,” said Jones.
A timeframe for the plan was not given.
Do you know more about the Snowflake account intrusions? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.