Slow Reaction, Little Communication Regarding Snowflake Data Breach
June 17, 2024
The Snowflake data breach is known to have compromised two large U.S. companies, and there may be many more. According to TechCrunch reporter Zack Whittaker, Snowflake, a cloud data storage company, is saying as little as possible and reacting slowly to the security problems that the hackers exploited.
Ticketmaster was the first company identified as compromised by the breach. Now loan comparison site LendingTree has confirmed that its subsidiary, QuoteWizard, had data stolen. According to a Snowflake spokesperson, it doesn’t appear as if consumer financial account information from QuoteWizard was impacted.
Snowflake doesn’t require its customers to enable multi-factor authentication (MFA) by default. Snowflake CISO Brad Jones called the hack a “targeted campaign directed at users with single-factor authentication.” The campaign used credentials stolen by info-stealing malware or obtained from previous data breaches.
TechCrunch found hundreds of Snowflake customers’ credentials online, which suggests there is still a risk to those who haven’t changed their passwords or enabled MFA.
TechCrunch continues to question Snowflake about what it calls “the ongoing incident affecting its customers,” but Snowflake declines to answer. It wouldn’t say, for example, whether the number of affected customers was in the tens, dozens, hundreds, or more.
The publication speculates that it may not be clear how many of Snowflake’s customers had data stolen because the company must either rely on its logs for that information or find out directly from an affected customer.
It is likewise unclear how long the company could have known about the intrusions. Its statement said it became aware on May 23 of “threat activity,” but subsequently found evidence of a breach dating back to mid-April. According to TechCrunch, that raises the question of why Snowflake didn’t detect the exfiltration of customers’ data from its servers until late May, or if it did, why it didn’t publicly alert its customers sooner.