The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever
Briefly

Brad Jones, Snowflake's CISO, said that threat actors used account login details obtained through infostealing malware in a targeted campaign against users with single-factor authentication.
Snowflake, alongside cybersecurity firms CrowdStrike and Mandiant, found no evidence that the attack was caused by compromised credentials of current or former Snowflake personnel, but did confirm access to one former employee's demo accounts, which held no sensitive data.
Despite allegations, Snowflake denied that the attack stemmed from vulnerabilities, misconfigurations, or breaches of its own platform, which highlights the lack of clarity on what constitutes a 'breach' in this context.
US Cybersecurity and Australia's Cyber Security Center issued alerts acknowledging the Snowflake incident, with reports of successful compromises in companies leveraging Snowflake environments.
Read at WIRED