Security researchers suspect financially motivated cybercriminals have stolen a significant volume of data from Snowflake’s customers. Snowflake observed a surge in cyber threat activity targeting customer accounts, believed to be part of identity-based attacks to obtain customer data. Although the activity does not stem from vulnerabilities within Snowflake’s product, the company promptly informed impacted customers and provided guidance for investigating potential threats.
Snowflake detected unauthorized access to certain customer accounts, sparking an investigation into increased threat activity starting in mid-April 2024. They shared indicators of compromise and hardening recommendations to aid potentially affected customers in securing their accounts. As part of their transparency efforts, Snowflake made the indicators and investigative queries publicly available through a Community Security Bulletin, which will be updated as the investigation progresses.
Despite claims suggesting Snowflake’s involvement in the breach, the company says there is no evidence linking the activity to its platform or to the compromise of customer credentials. The investigation, supported by cybersecurity experts CrowdStrike and Mandiant, suggests the attack targets users with single-factor authentication and leverages credentials previously obtained through infostealing malware. Snowflake continues to collaborate with affected customers, urging the implementation of advanced security controls like multi-factor authentication and network policies.
In response to ongoing threats, Snowflake advises organizations to enforce multi-factor authentication, set up network policy rules, and reset Snowflake credentials. They remain engaged with customers and authorities, emphasizing the importance of enhanced security measures to mitigate cyber threats effectively. Despite the challenges posed by the attack, Snowflake remains committed to transparency and proactive measures to safeguard customer data.