Snowflake Urges Stronger Security Protocols Amid Data Breach Investigations
Snowflake Inc. is urging its clientele to adopt stricter security measures following reports of potential data breaches at companies such as Advanced Auto Parts Inc. and Live Nation Entertainment Inc. The cloud-based data analytics firm has disclosed that hackers have targeted some of its customers by employing either information-stealing malware or purchased credentials to breach accounts lacking multifactor authentication (MFA).
In a recent blog post, Snowflake announced plans to mandate advanced security steps like MFA, which requires multiple forms of identity verification. This initiative arises shortly after Live Nation, the parent company of Ticketmaster, revealed "unauthorized activity" within a third-party cloud database holding its data. Reports suggest that this compromised database was hosted on Snowflake, although the source chose to remain anonymous as the information has not been publicly released.
A day after the Live Nation disclosure, Australian authorities issued a warning about increased cyber activities targeting Snowflake customers, noting several successful breaches. The following Friday, Advanced Auto Parts communicated that it was investigating reports of a "security incident" related to Snowflake, a matter initially reported by Axios.
Snowflake has emphasized that it is not responsible for the Live Nation data breach and is collaborating with Google’s Mandiant cybersecurity unit and CrowdStrike Inc. on the investigation. The company reiterated in its blog that no evidence points to a vulnerability within its platform as the cause of the recent hacker activities.
One cybercriminal was allegedly offering to sell data on 560 million Ticketmaster customers on the dark web, but Bloomberg News has yet to verify the accuracy of this claim. Information-stealing malware, used by hackers to harvest data like credit card numbers, web activity, and bank account details, has become increasingly prevalent, often sold via monthly subscriptions costing around $250, according to cybersecurity firm Flashpoint Inc.
ShinyHunters, a cybercrime group known for targeting large organizations, has claimed responsibility for the alleged Ticketmaster data theft. Since emerging in 2020, this group has purportedly stolen data from major entities like Microsoft Corp., Mashable, and the clothing brand Bonobos.