Hackers steal “significant volume” of data from hundreds of Snowflake customers
As many as 165 customers of cloud storage provider Snowflake have been compromised by a group that obtained login credentials through information-stealing malware, researchers said Monday.
On Friday, Lending Tree subsidiary QuoteWizard confirmed it was among the customers notified by Snowflake that it was affected in the incident. Lending Tree spokesperson Megan Greuling said the company is in the process of determining whether data stored on Snowflake has been stolen.
“That investigation is ongoing,” she wrote in an email. “As of this time, it does not appear that consumer financial account information was impacted, nor information of the parent entity, Lending Tree.”
Santander, Spain’s biggest bank, said recently that data belonging to some of its customers has also been stolen. The same group advertising the Ticketmaster data offered the sale of Santander data. Researchers from security firm Hudson Rock said that stolen data was also stored on Snowflake. Santander has neither confirmed nor denied the claim.
Mandiant’s Monday post said that all the compromises it has tracked so far were the result of login credentials for Snowflake accounts being stolen by infostealer malware and stored in vast logs, sometimes for years at a time. None of the affected accounts made use of multifactor authentication, which requires users to provide a one-time password or additional means of authentication besides a password.
