The series of alleged hacks targeting customers of cloud storage provider Snowflake is rapidly becoming a significant data breach. Snowflake, which enables companies to store vast amounts of data on its servers, recently announced that hackers have been attempting to access its customers’ accounts using stolen credentials. Breaches involving Ticketmaster and Santander have also been linked to these attacks.
Initially, Snowflake reported that only a “limited number” of customer accounts had been accessed. However, the situation has escalated as cybercriminals have claimed to be selling stolen data from two other major firms, alleging that this information originated from Snowflake accounts. Additionally, TechCrunch has discovered hundreds of Snowflake customer passwords online, making them easily accessible to cybercriminals.
Despite these claims, the full extent of the attacks on Snowflake customers remains uncertain. Questions about the identity of the attackers and the functionality of a malicious tool named “rapeflake” persist. This incident highlights the increasing use of infostealer malware and underscores the critical importance of multifactor authentication for third-party software providers and companies to reduce the risk of account compromises.