Snowflake Attack Update: Victim List Continues to Grow
- Weeks after data-cloud company Snowflake was attacked, the firm continues to struggle and its victim list continues to grow.
- Snowflake's personal investigation has revealed that it was not a vulnerability on its part that caused the breach. It started with the group compromising third parties that Snowflake did business with.
- Customers who hadn't enabled multifactor authentication were affected the most.
Snowflake - a US-based cloud storage provider - continues to struggle with consequences weeks after it was attacked by the cybercrime gang ShinyHunters. In fact, things took a turn for the worse.
It already has a long list of victims, and as per reports, the list keeps growing as more Snowflake customers are discovering breaches in their system.
For example, this week, Australian ticketing provider Ticketek reached out to its customers about a potential data leak. Information such as names, email addresses, and birthdates are believed to have been compromised.But whether this breach is linked to the Snowflake attack is yet to be confirmed. What we do know for sure is companies like Ticketmaster (a US-based ticketing firm) and Advance Auto Parts (a US-based car part retailer) are confirmed victims of the attack.
The latter even confirmed the attack in a security filing to the US Securities and Exchange Commission last week.
About the AttackThe attack first came to light around mid-June, when the return of a notorious cyber gang called UNC3944 was reported. It was initially believed that this gang was involved in the attack on Snowflake.
But it turns out, another gang called ShinyHunters is the mastermind behind the breach. And interestingly, a hacker who claims to be a part of the gang, recently came forward to reveal how they did it.
Apparently, they didn't directly exploit Snowflake's systems. Instead, they compromised US-based EPAM Systems (a software firm and a Snowflake elite partner) to deploy the attack.ShinyHunters had posted an ad on the dark web, selling the data of 560 million Ticketmaster customers, including their phone numbers, addresses, and partial credit card numbers.
This claim is backed by the fact that Snowflake has been saying for weeks that its own systems have not been compromised. But again, EPAM Systems is also denying being compromised. So in short, we still can't say for sure how exactly the breach took place.
What Does This Attack Tell Us about the Future of Cybersecurity?A lot about the attack and its impact are still unknown. But one thing that we know for sure is passwords alone aren't enough to keep you safe these days.
A lot of us are guilty of reusing old passwords or even using the same password across multiple sites and hackers are well-aware of this habit. So they exploit it for their own gain. So what's the solution here? Probably going passwordless.
Snowflake itself is urging its customers to turn on 2-factor authentication so that it will take two or more types of authentication to access one's account.These authentications include biometric lock, OTPs sent by SMS, login links sent by email, third-party authenticator apps, and so on.
It is always a good idea to use one of the best password managers that can generate random passwords for your account and remember them for you. This way, you won't end up setting simple or the same passwords for multiple online accounts.
The post Snowflake Attack Update: Victim List Continues to Grow appeared first on The Tech Report.