Ticketmaster’s Snowflake data breach was just one of 165

Share via:


Security researchers are reporting that a “significant volume of data” has been stolen from hundreds of Snowflake cloud storage customers via compromised login credentials, with the incident being linked to massive data breaches at Ticketmaster and Santander Bank.

Mandiant, a security firm investigating the data theft alongside Snowflake, announced on Monday that it had tracked the activity to a “financially motivated threat actor” it identified as UNC5537. The two companies have notified at least 165 Snowflake customer organizations that may have been compromised since the ongoing threat activity was discovered in April, with Mandiant saying its investigation hasn’t found “any evidence to suggest” that Snowflake’s enterprise environment was breached.

Recent data breaches at Ticketmaster, Santander Bank, and LendingTree subsidiary QuoteWizard have been linked to Snowflake cloud storage accounts used by the companies. Official details regarding how the accounts were compromised have been slim until this point, with an earlier third-party report being taken offline after Snowflake issued a statement claiming the platform itself isn’t at fault.

Following its investigation, Mandiant says the yet unidentified UNC5537 group is “systematically compromising” Snowflake customers using login credentials stolen via historical infostealer malware infections on non-Snowflake-owned systems. Some of these credentials date back as far as 2020 and enabled UNC5537 to steal data from Snowflake customer instances in an attempt to sell it on cybercriminal forums and extort the victims.

Mandiant says the UNC5537 campaign has resulted in “numerous successful compromises” because of poor security practices on impacted accounts, which did not update stolen login credentials or utilize multi-factor authentication (MFA) or network allow lists. The list of victims, while largely unidentified, is also expected to grow, according to Mandiant, having assessed that UNC5337 will likely target additional platforms “in the near future.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Ticketmaster’s Snowflake data breach was just one of 165


Security researchers are reporting that a “significant volume of data” has been stolen from hundreds of Snowflake cloud storage customers via compromised login credentials, with the incident being linked to massive data breaches at Ticketmaster and Santander Bank.

Mandiant, a security firm investigating the data theft alongside Snowflake, announced on Monday that it had tracked the activity to a “financially motivated threat actor” it identified as UNC5537. The two companies have notified at least 165 Snowflake customer organizations that may have been compromised since the ongoing threat activity was discovered in April, with Mandiant saying its investigation hasn’t found “any evidence to suggest” that Snowflake’s enterprise environment was breached.

Recent data breaches at Ticketmaster, Santander Bank, and LendingTree subsidiary QuoteWizard have been linked to Snowflake cloud storage accounts used by the companies. Official details regarding how the accounts were compromised have been slim until this point, with an earlier third-party report being taken offline after Snowflake issued a statement claiming the platform itself isn’t at fault.

Following its investigation, Mandiant says the yet unidentified UNC5537 group is “systematically compromising” Snowflake customers using login credentials stolen via historical infostealer malware infections on non-Snowflake-owned systems. Some of these credentials date back as far as 2020 and enabled UNC5537 to steal data from Snowflake customer instances in an attempt to sell it on cybercriminal forums and extort the victims.

Mandiant says the UNC5537 campaign has resulted in “numerous successful compromises” because of poor security practices on impacted accounts, which did not update stolen login credentials or utilize multi-factor authentication (MFA) or network allow lists. The list of victims, while largely unidentified, is also expected to grow, according to Mandiant, having assessed that UNC5337 will likely target additional platforms “in the near future.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Meta’s Threads app launches custom feeds amid Bluesky surge

Meta’s Instagram Threads began rolling out a new custom...

Indian Startup Funding — Startups Raised $580 Mn This...

SUMMARY Indian startups cumulatively $579.5 Mn across 18 deals,...

Why UNIQLO confidently says no to e-comm marketplaces in...

The fashion retail landscape in India is quite competitive...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!