Snowflake account hacks linked to Santander, Ticketmaster breaches.

Snowflake is cloud-based data storage and analytics company based in the US, and claims nearly 9,500 organizations around the world as customers. Snowflake's cloud data platform is used by enterprise organizations including some of the largest companies worldwide, like Adobe, AT&T, Capital One, DoorDash, HP, Instacart, JetBlue, Kraft Heinz, Mastercard, Micron, NBC Universal, Nielsen, Novartis, Okta, PepsiCo, Siemens, US Foods, Western Union, Yamaha, and many others. With such customers as Santander and Ticketmaster in the news recently, the vendor denies that its products were to blame for the apparent data breach for both. With the TicketMaster hack upwards of 560 million customer personal and financial information and Santander upwards of 30 million, all eyes are on Snowflake.

According to the original post from Hudson Rock (which they have now taken off their website), the intruders were able to sign into a Snowflake employee’s ServiceNow account using stolen credentials, and from there were able to generate session tokens.  Snowflake states they have advised the limited number of customers affected but given the industries constant approach of DENY DENY DENY - time will tell the full scope of what has potentially been compromised.

As always, you want to ensure you have you have MFA enabled, leverage IP logon restrictions, and monitor for any suspicious behavior. Situations like this also reignite long standing arguments of the benefits of the cloud. If large scale organizations can't protect your data, is the cloud really worth the trade off? Given the continued hardware improvements, hosting even your own small data center is not out of the picture for non-enterprise organizations.