A growing number of organizations are reporting breaches linked to their Snowflake accounts, with LendingTree’s subsidiary QuoteWizard being the latest victim. LendingTree confirmed that QuoteWizard had its data stolen, adding to the wave of credential-stuffing attacks targeting Snowflake clients. Snowflake, the cloud provider, emphasized the importance of multi-factor authentication, placing some responsibility on customers for preventing such breaches.
The Ticketmaster data breach, affecting 560 million customers, is suspected to have occurred after attackers gained access to its Snowflake account. Similarly, Advance Auto Parts recently fell victim to a breach where attackers stole three terabytes of data through its Snowflake account, including extensive customer profiles. These incidents highlight the severity of the ongoing threat, as even major companies with substantial security measures in place are vulnerable to such attacks.
Snowflake’s clientele includes prominent companies like Mastercard, AT&T, and Adobe, among others. Despite its reputation and the involvement of cybersecurity experts like CrowdStrike and Mandiant in the investigation, the breaches underscore the challenges of securing cloud-based data storage. As more organizations rely on cloud services for data management, the need for robust security measures becomes increasingly urgent to prevent unauthorized access and data theft.
