
Security researchers say they believe financially motivated cybercriminals have stolen a “significant volume of data” from hundreds of customers hosting their vast banks of data with cloud storage giant Snowflake.

Incident response firm Mandiant, which is working with Snowflake to investigate the recent spate of data thefts, said in a blog post Monday that the two firms have notified around 165 customers that their data may have been stolen.

It’s the first time that the number of affected Snowflake customers has been disclosed since the account hacks began in April. Snowflake has said little to date about the attacks, only that a “limited number” of its customers are affected. The cloud data giant has more than 9,800 corporate customers, like healthcare organizations, retail giants and some of the world’s largest tech companies, which use Snowflake for data analytics.

So far, only Ticketmaster and LendingTree have confirmed data thefts where their stolen data was hosted on Snowflake. Several other Snowflake customers say they are currently investigating potential data thefts from their Snowflake environments.

Mandiant said the threat campaign is “ongoing,” suggesting the number of Snowflake corporate customers reporting data thefts may rise.

In its blog post, Mandiant attributed the account hacks to UNC5537, an as-yet-unclassified cybercriminal gang that the security firm says is motivated by making money. The gang, which Mandiant says includes members in North America and at least one member in Turkey, attempts to extort its victims into paying to get their files back or to prevent the public release of their customers’ data.

Mandiant confirmed the attacks — which rely on the use of “stolen credentials to enter the customer’s Snowflake instance and in the end exfiltrate valuable data” — date back to at least April 14, when its researchers first identified evidence of improper access to an unnamed Snowflake customer’s environment. Mandiant said it notified Snowflake of its customer account intrusions on May 22.

The security firm said the majority of stolen credentials used by UNC5537 were “available from historical infostealer infections,” with some dating as far back as 2020. Mandiant’s findings confirm Snowflake’s limited disclosure, which said there wasn’t a direct breach of Snowflake’s own systems but blamed its customer accounts for not using multi-factor authentication (MFA).

Last week, TechCrunch found circulating online hundreds of Snowflake customer credentials stolen by malware that infected the computers of staffers who have access to their employer’s Snowflake environment. The number of credentials available online linked to Snowflake environments suggests an ongoing risk to customers who have not yet changed their passwords or enabled MFA.

Mandiant said it has also seen “hundreds of customer Snowflake credentials exposed via infostealers.”

For its part, Snowflake does not by default require its customers to use the security feature or enforce its use. In a brief update on Friday, Snowflake said it’s “developing a plan” to enforce the use of MFA on its customers’ accounts, but has not yet provided a timeline.

Snowflake spokesperson Danica Stanczak declined to say why the company hasn’t reset customer passwords or enforced MFA. Snowflake did not immediately comment on Mandiant’s blog post Monday.

Do you know more about the Snowflake account intrusions? Get in touch. To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.