This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

Cloudways Copilot is here. Get Access to your Intelligent Hosting Assistant Today! Learn More

Snowflake Compromised: Hackers Exploit Stolen Credentials

Updated on June 5, 2024

2 Min Read
Snowflake Compromised: Hackers Exploit Stolen Credentials


Snowflake, the cloud computing and analytics giant, has raised an alarm about a credential theft campaign hitting a “limited number” of its customers.

In a joint statement with cybersecurity firms CrowdStrike and Google-owned Mandiant, Snowflake reassured users: “We have not found any evidence suggesting that this activity resulted from a vulnerability, misconfiguration, or breach of Snowflake’s platform.” They also confirmed that the activity wasn’t due to compromised credentials of their current or former employees.

The attackers seem to be focusing on users with single-factor authentication, using credentials stolen via information-stealing malware.

via GIPHY

Mandiant CTO Charles Carmakal shared on LinkedIn, “Threat actors are actively compromising organizations’ Snowflake customer accounts by using stolen credentials from infostealing malware and logging into databases configured with single-factor authentication.”

To combat this, Snowflake is advising organizations to enable multi-factor authentication (MFA) and restrict network access to trusted locations only.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on Monday, urging organizations to follow Snowflake’s guidance to detect unusual activity and prevent unauthorized access. Similarly, the Australian Cyber Security Centre (ACSC) warned of successful breaches in companies using Snowflake environments.

Signs of the attacks include malicious connections from clients identifying themselves as “rapeflake” and “DBeaver_DBeaverUltimate.”

This warning follows Snowflake’s recent acknowledgment of increased malicious activity targeting customer accounts on its cloud platform.

A report from cybersecurity firm Hudson Rock had earlier suggested that breaches at Ticketmaster and Santander Bank might have been caused by attackers using a Snowflake employee’s stolen credentials. However, this report has been retracted after Snowflake’s legal intervention. The exact cause of these breaches remains unclear, with the hacker persona ShinyHunters denying Hudson Rock’s claims, calling them “disinformation.”

Independent security researcher Kevin Beaumont emphasized the importance of robust multi-factor authentication, noting that infostealers have become a significant problem, outpacing botnets. It is believed that a teen crime group is behind these incidents.

Share your opinion in the comment section. COMMENT NOW

Share This Article

Start Growing with Cloudways Today.

Our Clients Love us because we never compromise on these

Abdul Rehman

Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.

×

Webinar: How to Get 100% Scores on Core Web Vitals

Join Joe Williams & Aleksandar Savkovic on 29th of March, 2021.

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Want to Experience the Cloudways Platform in Its Full Glory?

Take a FREE guided tour of Cloudways and see for yourself how easily you can manage your server & apps on the leading cloud-hosting platform.

Start my tour