The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

The tech world is abuzz with concerning news about a potential data breach of massive proportions, centered around Snowflake, a cloud data storage platform. 

A report states that hundreds of Snowflake customer passwords have been found online and are accessible to cybercriminals. With this Snowflake is under scrutiny: Security researchers have identified a series of cyberattacks targeting companies that utilize Snowflake for data storage.

Early reports suggest that stolen login credentials might have compromised data belonging to millions of users across various organizations. If confirmed, this could be one of the biggest data breaches ever recorded.

Several high-profile companies, including Ticketmaster (claiming 560 million impacted users) and Advance Auto Parts, are reportedly linked to the breach through their use of Snowflake. Some reports suggest the attacks might exploit vulnerabilities within Snowflake's security protocols. However, investigations are ongoing, and the full extent of the breach is yet to be determined.

While some reports mention a lack of enforced multi-factor authentication (MFA) on compromised accounts, this detail remains unconfirmed. Regardless, the incident highlights the importance of robust security measures beyond just passwords.

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time. A hack against customers of the cloud storage company Snowflake looks like it may turn into one of the biggest-ever data breaches.

It highlights the growth in the use of infostealer malware in recent years and underscores the need for third-party software providers and companies to turn on multifactor authentication to reduce the chances of accounts being compromised.

Another report says, some Advance Auto Parts staff and customer email addresses listed in sample data by the hacker appear to be legitimate accounts and the threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account.

Advance operates 4,777 stores and 320 Worldpac branches and serves 1,152 independently owned Carquest stores in the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands.

The US Cybersecurity and Infrastructure Security Agency has issued an alert about the Snowflake incident, while Australia's Cyber Security Center said it is “aware of successful compromises of several companies utilizing Snowflake environments.”