A recent hack targeting customers of the cloud storage company Snowflake is shaping up to be one of the largest data breaches ever. Criminal hackers have been attempting to access accounts using stolen login details, impacting notable companies like Ticketmaster and Santander. Snowflake initially reported that only a limited number of customer accounts were accessed. Still, cybercriminals have since claimed to be selling data from other major firms, including Advance Auto Parts and LendingTree.
The situation has escalated, with hundreds of Snowflake customer passwords found online and accessible to cybercriminals. The breach underscores the rising use of infostealer malware, which extracts login details from compromised devices. Snowflake, in collaboration with cybersecurity firms CrowdStrike and Mandiant, has determined that the attack primarily targeted accounts with single-factor authentication. The company urges customers to enable multifactor authentication to mitigate the risk.
While the origin of the stolen data remains unclear, it highlights the vulnerabilities inherent in interconnected services provided by third-party vendors. Companies like Snowflake increasingly advise their clients to enforce strict security measures and reset login credentials to prevent further breaches. The US Cybersecurity and Infrastructure Security Agency and Australian Cyber Security Center have issued alerts regarding the incident, emphasising the need for enhanced cybersecurity practices.