Hundreds of Snowflake customer passwords found online are linked to info-stealing malware

As reported on:

Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts of data, such as customer data, in the cloud.

Last week, Australian authorities sounded the alarm saying they had become aware of “successful compromises of several companies utilising Snowflake environments,” without naming the companies. Hackers had claimed on a known cybercrime forum that they had stolen hundreds of millions of customer records from Santander Bank and Ticketmaster, two of Snowflake’s biggest customers. Santander confirmed a breach of a database “hosted by a third-party provider” but would not name the provider in question. On Friday, Live Nation confirmed that its Ticketmaster subsidiary was hacked and that the stolen database was hosted on Snowflake

Snowflake acknowledged in a brief statement that it was aware of “potentially unauthorized access” to a “limited number” of customer accounts, without specifying which ones, but that it has found no evidence there was a direct breach of its systems. Rather, Snowflake called it a “targeted campaign directed at users with single-factor authentication” and that the hackers used “previously purchased or obtained through infostealing malware,” which is designed to scrape a user’s saved passwords from their computer.