Hundreds of Snowflake customers may have been hit by breach that stole "significant" data
165 organizations notified of the incident so far
The number of organizations that have had their sensitive data stolen following the recent Snowflake breach is likely in the hundreds, new research has claimed.
A report from Mandiant, which is currently investigating the breach, says the two companies have notified 165 organizations - but as the attack is ongoing, the total number of victims will probably rise further.
Mandiant attributed the attack to UNC5537. Since this is a brand new moniker, it is either an entirely new threat actor or one whose actual identity has not yet been confirmed.
Financially motivated attack
The researchers said the group was financially motivated, meaning this was not the work of a nation-state. Most of its members apparently reside in North America, with at least one additional member in Turkey.
"Mandiant's investigation has not found any evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake's enterprise environment," Mandiant said in its findings. "Instead, every incident Mandiant responded to associated with this campaign was traced back to compromised customer credentials."
It added that it believes the group is trying to extort money from its victims, in exchange for keeping the data safe.
Snowflake is a major cloud storage firm with almost 10,000 corporate customers. News of a security incident at the company first started emerging in late May 2024, when Ticketmaster reported losing sensitive information on more than 500 million people.
Snowflake denied the breach originated from its infrastructure, and instead claimed the incident was the result of a successful credential stuffing attack. In a credential stuffing attack, the threat actor “stuffs” the platform with countless login combinations obtained elsewhere (usually bought off the black market) until it finds one that works.
Ticketmaster is not the only company that came forward with news of a breach and data theft. Advance Auto Parts also confirmed suffering an attack, with news reports claiming that hundreds of millions of customers were compromised, as well as hundreds of thousands of employees. LendingTree, an online lending marketplace, also fell prey to the attack.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.