Consumer Data from LendingTree's QuoteWizard Sold by Hackers
Hackers have illicitly accessed and are now selling consumer data belonging to QuoteWizard, a subsidiary of LendingTree Inc. This incident emerged following the detection of unauthorized entry into a cloud database maintained by Snowflake Inc.
The compromised data has appeared in numerous listings across cybercriminal forums, with criminals auctioning it to the highest bidder. Despite these developments, LendingTree maintains that its operational activities remain unaffected. Currently, they are meticulously evaluating the breadth and impact of this data breach.
Details concerning the method of data theft have not been clarified yet. Arun Sankaran, LendingTree's Chief Information Security Officer, stated that the investigation is ongoing and assured that affected customers would be notified once it concludes. He emphasized that this breach has not compromised any information pertaining to LendingTree's parent company or the financial account details of QuoteWizard customers.
In reaction to this breach, LendingTree's share prices dipped by approximately 2.5% in extended trading, following a closure at $40.79. Notably, the stock had appreciated by 34% since the start of the year until this recent trade.
LendingTree, which uses Snowflake for its data analytics operations, received an early notification about the potential impact on QuoteWizard. Meanwhile, the company is investigating if this breach is part of a broader hacking campaign targeting Snowflake clients. This campaign had reportedly utilized stolen login credentials to access the accounts of up to 165 Snowflake customers, as highlighted by Google's Mandiant security division.
Megan Greuling, a spokesperson for LendingTree, underscored the seriousness with which the company is treating this incident, initiating an internal investigation immediately after being alerted. Snowflake has addressed the situation in a blog post dated June 10, without providing additional comments when approached.