Snowflake to Close Probe Into Cyberattack Targeting Clients

Snowflake Inc. plans to close its own investigation this week into a hacking campaign that ensnared as many as 165 of its customers.

Bloomberg
Updated 13 Jun 2024, 11:37 PM IST

(Bloomberg) -- Snowflake Inc. plans to close its own investigation this week into a hacking campaign that ensnared as many as 165 of its customers.

The cloud data and analytics company hasn’t detected any unauthorized access into customer accounts since early last week, Chief Information Security Officer Brad Jones said in an interview with Bloomberg News. The company said on June 2 that hackers had launched a “targeted campaign” directed against Snowflake users that used single-factor authentication techniques.

The full scope of the data theft among Snowflake customers remains unclear. Cyber firm Mandiant, a unit of Google Cloud that’s helping Snowflake investigate the incident, said Monday that it had informed 165 “potentially exposed organizations” about their possible vulnerability. Only a handful of customers such as Live Nation Entertainment Inc., Pure Storage Inc. and Advance Auto Parts so far have suggested that they experienced Snowflake-related issues.

The shares rose as much as 1.5% on the news before erasing the gains. The stock was down 2.2% to $127.44 at 1:05 p.m. in New York.

Hackers used stolen credentials that were available in places like cybercriminal forums to access customer accounts, which lacked security measures such as multifactor authentication, Jones said. The attackers didn’t access a file of Snowflake logins, but rather used stolen usernames and passwords to infiltrate the accounts, assuming that people reuse their credentials, he said. 

Snowflake doesn’t have visibility into how much customer data was stolen, Jones said. The company has been working with law enforcement, in addition to Google’s Mandiant and CrowdStrike Holdings Inc., to look into the matter.

Jones said the hacking campaign underscores that many threats are preventable. “We have a broader challenge in the security community and enterprises that a lot of people aren’t nailing the basics,” he said in a reference to multifactor authentication.

Snowflake became aware of the hacking effort on May 22, Jones said. The company blocked IP addresses linked to the hackers, working with commercial virtual private network vendors to do so, he added. Mandiant’s investigation began in April 2024 when it learned about leaked database records that the cyber firm later determined originated from a Snowflake customer account.

If customers failed to take action to secure potentially impacted accounts, Jones said, Snowflake locked those accounts to prevent further unauthorized access.

The company plans to release tools later this month that help customers accelerate adoption of security measures such as multifactor authentication, which requires someone to verify their identity in two or more ways before gaining access to their account.

Snowflake charges customers based on how much they use the product — also known as consumption. This includes when they remove data from the system. Jones said that “no significant consumption” occurred as a result of hackers gaining unauthorized access to customer accounts.

“It’s not like they were doing heavy computation on the data, just retrieving it,” Jones said when explaining why the hackers didn’t cause any meaningful additional Snowflake costs for customers.

Last week, Ticketmaster owner Live Nation said it had discovered “unauthorized activity” on a third-party cloud database. A person familiar with the situation said the account was hosted on Snowflake. On Friday, Advance Auto Parts also said that it was investigating reports that it was involved in a “security incident related to Snowflake.”

Snowflake declined to comment on any specific customers.

Mandiant determined that a hacking group called “UNC5537” was responsible for the attacks and that the gang hadn’t used “novel or sophisticated tools” to carry out the hack. Instead, the report said the hackers exploited the “large lists of stolen credentials” that “exist both for free and for purchase” on the dark web. Most suspected members of the gang are based in North America, researchers said.

(Updates with share price in fourth paragraph.)

©2024 Bloomberg L.P.

First Published: 13 Jun 2024, 11:37 PM IST