
Cyber Security

Snowflake’s Troubles Grow After AT&T And Others Reveal Hack

By TechDogs Bureau

TD NewsDesk

Updated on Tue, Jul 16, 2024

Recently, we reported that AT&T had revealed that a cybercriminal illegally downloaded AT&T customer data pertaining to around 100 million of the company's customers.

AT&T said that the leak originated from a third-party cloud platform, which a company spokesperson later named as Snowflake Inc., an American cloud computing company.

The leak was part of a wider campaign by the same cybercriminals against Snowflake customer accounts, which Snowflake first disclosed publicly on May 30, 2024. Following the disclosure, Snowflake took several steps: it published indicators of the malicious activity, informed potentially affected customers and brought in outside cybersecurity experts.

So, what did Snowflake reveal about the hack and its moves? Let’s explore!
 

What Did Snowflake Say?

 
  • Through a blog post published on its website, which it has since updated several times, Snowflake revealed that it became aware of potentially unauthorized access to certain customer accounts on May 23, 2024.

  • In its initial investigation, the company found that the threat activity began in mid-April and originated from a small set of IP addresses and suspicious client applications.

  • Following the discovery, Snowflake shared Indicators of Compromise (IoCs), investigative queries and hardening recommendations to help potentially affected customers check and secure their accounts.

  • Snowflake also enlisted third-party cybersecurity firms CrowdStrike and Google-owned Mandiant to help identify the cause of the security lapse and resolve the issue.

  • In the initial update, Snowflake said, “To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product.”

  • The investigation found that every instance Mandiant responded to was caused by compromised customer credentials.

  • That conclusion held across the later updates to the same blog post and is consistent with Mandiant's published findings.

 

What Did Google’s Mandiant Say?

 
  • In a blog post published on its website, Mandiant reported that it had found threat actors running a campaign targeting customers of Snowflake.

  • The group, tracked by Mandiant as UNC5537 (also reported as ShinyHunters), accessed Snowflake customer instances using stolen customer credentials.

  • The intent of the group was to steal data and sell it on cybercrime forums or extort victims of the breach.

  • As per the release, “Mandiant's investigation has not found any evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake's enterprise environment.”

  • [Contd.] “Instead, every incident Mandiant responded to associated with this campaign was traced back to compromised customer credentials.”

  • In April 2024, Mandiant received threat intelligence indicating that a Snowflake customer's data had been compromised, and it notified that customer.

  • On further investigation, Mandiant found that the attackers had used credentials harvested by infostealer malware to log into an account that did not have multi-factor authentication enabled.

  • On May 22, 2024, Mandiant notified Snowflake about a broad campaign targeting its customers. Mandiant also notified potential victims.

  • Working together, Mandiant and Snowflake contacted over 165 potentially exposed organizations, while also coordinating with law enforcement.

  • These included businesses such as AT&T, Advance Auto Parts, LendingTree, Live Nation and Santander Bank.

  • According to a statement released by Santander, “No transactional data, nor any credentials that would allow transactions to take place on accounts are contained in the database, including online banking details and passwords.”

[Image: a Mandiant diagram depicting the attack path]
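The attack path Snowflake and Mandiant describe (credentials lifted by an infostealer, replayed from the attackers' IP space with a password and no second factor) is exactly what a customer can hunt for in its own login records using the kind of indicators Snowflake shared. The script below is an added example written for this article, not Snowflake's or Mandiant's published queries: it reads a constructed export whose columns follow the naming of Snowflake's LOGIN_HISTORY view and flags successful logins that matched an indicator, or that used a password alone from outside the organisation's own network ranges. The indicator networks, the suspicious client name, the trusted ranges and every log row are placeholders invented for the example.

```python
"""Hunt for the Snowflake credential-replay pattern in a login-history export.

The column names mirror Snowflake's LOGIN_HISTORY view (an assumption about the
export format); all indicator values and log rows below are constructed for
this example and are not real IoCs or real customer data.
"""
import csv
from dataclasses import dataclass
from io import StringIO
from ipaddress import ip_address, ip_network

# Placeholder indicators. In practice these come from the vendor's IoC list.
IOC_NETWORKS = [ip_network("203.0.113.0/24")]       # hypothetical attacker range (TEST-NET-3)
IOC_CLIENTS = {"custom-dbtool"}                      # hypothetical suspicious client name
TRUSTED_NETWORKS = [ip_network("198.51.100.0/24")]  # hypothetical corporate egress range

# Constructed sample export: service account hit from the IoC range with the IoC
# client, an analyst logging in password-only from an unknown address, and a user
# whose logins all carry a second factor from the office range.
SAMPLE_EXPORT = """\
EVENT_TIMESTAMP,USER_NAME,CLIENT_IP,REPORTED_CLIENT_TYPE,FIRST_AUTHENTICATION_FACTOR,SECOND_AUTHENTICATION_FACTOR,IS_SUCCESS
2024-04-14T02:11:09Z,SVC_ETL,203.0.113.17,custom-dbtool,PASSWORD,,YES
2024-04-14T02:12:40Z,SVC_ETL,203.0.113.17,custom-dbtool,PASSWORD,,YES
2024-04-14T09:30:02Z,J.DOE,198.51.100.8,SNOWFLAKE_UI,PASSWORD,DUO_PUSH,YES
2024-04-15T22:47:51Z,ANALYST_7,192.0.2.55,JDBC_DRIVER,PASSWORD,,YES
2024-04-15T22:48:03Z,ANALYST_7,192.0.2.55,JDBC_DRIVER,PASSWORD,,NO
2024-04-16T08:05:00Z,J.DOE,198.51.100.8,SNOWFLAKE_UI,PASSWORD,DUO_PUSH,YES
"""

NO_MFA = "password-only login, no second factor"
IOC_IP = "source IP matches indicator list"
UNTRUSTED_IP = "source IP outside trusted egress ranges"
IOC_CLIENT = "client application matches indicator list"


@dataclass(frozen=True)
class Finding:
    user: str
    timestamp: str
    client_ip: str
    reasons: tuple


def in_any(ip, networks):
    return any(ip in net for net in networks)


def classify(row):
    """Return the reasons a successful login row resembles the campaign (empty if none)."""
    reasons = []
    if row["IS_SUCCESS"] != "YES":
        return reasons  # failed attempts are noise for this particular hunt
    if row["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD" and not row["SECOND_AUTHENTICATION_FACTOR"]:
        reasons.append(NO_MFA)
    ip = ip_address(row["CLIENT_IP"])
    if in_any(ip, IOC_NETWORKS):
        reasons.append(IOC_IP)
    elif not in_any(ip, TRUSTED_NETWORKS):
        reasons.append(UNTRUSTED_IP)
    if row["REPORTED_CLIENT_TYPE"].lower() in IOC_CLIENTS:
        reasons.append(IOC_CLIENT)
    return reasons


def should_alert(reasons):
    """An indicator hit alerts on its own; a password-only login alerts only when it also
    comes from outside the org's ranges, so routine office logins stay quiet."""
    return IOC_IP in reasons or IOC_CLIENT in reasons or {NO_MFA, UNTRUSTED_IP} <= set(reasons)


def hunt(export_text):
    """Parse the CSV export and return alert-worthy findings keyed by user name."""
    findings = {}
    for row in csv.DictReader(StringIO(export_text)):
        reasons = classify(row)
        if should_alert(reasons):
            findings.setdefault(row["USER_NAME"], []).append(
                Finding(row["USER_NAME"], row["EVENT_TIMESTAMP"], row["CLIENT_IP"], tuple(reasons))
            )
    return findings


def users_missing_mfa(export_text):
    """Users with at least one successful login that had no second factor: the accounts
    to enforce MFA on and rotate, whether or not they tripped an indicator."""
    return sorted(
        {r["USER_NAME"] for r in csv.DictReader(StringIO(export_text))
         if r["IS_SUCCESS"] == "YES" and not r["SECOND_AUTHENTICATION_FACTOR"]}
    )


if __name__ == "__main__":
    for user, items in hunt(SAMPLE_EXPORT).items():
        for f in items:
            print(f"{f.timestamp} {user} from {f.client_ip}: {'; '.join(f.reasons)}")
    print("accounts that logged in without MFA:", users_missing_mfa(SAMPLE_EXPORT))
```

Two design points matter here. Password-only logins from the corporate range are deliberately not alerted on, because in an environment that has not yet enforced MFA they are the majority of traffic; they are instead surfaced by users_missing_mfa as the remediation list. And the failed ANALYST_7 attempt is skipped by classify: a stolen-credential replay that works leaves a successful login, so failures belong to a separate brute-force hunt rather than this one.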

What Did Experts Say?

 
  • Tim Kravchunovsky, founder and CEO of Chirp, a decentralized telecommunications network, said the incident highlighted the vulnerabilities of the networks people rely on most, as well as potential issues with Web2 services.

  • Kravchunovsky, a Web3 professional, said, “It’s also concerning that it takes more than two years to report these breaches, so there is no guarantee something similar isn’t happening right now.”

  • He further mentioned that blockchain technology, which forms the basis of Web3, could make it possible to possess more secure databases, saying, “Storing the data on an immutable ledger and tracking threats in real-time allows for a rapid response before a breach occurs.”

  • “Of course, there’s never a guarantee that a breach like the one reported by AT&T couldn’t happen if the data were stored on the blockchain, but the odds are much slimmer. Plus, blockchain is transparent, so it’s impossible to hide such breaches for two years.”

  • Interestingly, according to a report by WIRED, AT&T paid a member of the ShinyHunters hacking group 5.72 bitcoin, equal to around $373,646 at the time of the transaction.

  • Using blockchain tracking tools, WIRED and Chris Janczewski, head of global investigations for crypto-tracing firm TRM Labs, confirmed the transaction occurred.

  • The funds were then moved through several cryptocurrency exchanges and wallets, and it is unclear who controls those wallets.

  • The transaction was also confirmed by a person using the online handle Reddington, a security researcher who claims to be the middleman who negotiated the payoff, down from an initial demand of $1 million.


Do you think businesses should consider turning to blockchain technology to secure their databases? Do you think enforcing more powerful and robust security measures should be made mandatory for businesses dealing with sensitive information and personal data?

Let us know in the comments below!

First published on Tue, Jul 16, 2024
