Targeted credential theft hits cloud Snowflake customers

Snowflake revealed a “limited number” of its customers are being targeted in a credential theft campaign. The company confirmed no vulnerabilities or breaches within its own platform or staff credentials caused the issue. Attackers are leveraging credentials obtained through information-stealing malware.

The campaign focuses on users with single-factor authentication, prompting calls to switch to multi-factor authentication (MFA). Snowflake, along with cybersecurity entities like CrowdStrike and Mandiant, recommends enabling MFA and restricting network traffic to trusted sources. Alerts from CISA and ACSC emphasize the importance of these precautions to prevent unauthorized access.

Recent observations noted an increase in malicious attempts to access Snowflake customer accounts. Malicious connections were identified from clients named “rapeflake” and “DBeaver_DBeaverUltimate.” Initial reports linked the Ticketmaster and Santander Bank breaches to Snowflake credentials, but these claims were retracted following legal intervention.
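A Snowflake administrator can check an account for both conditions described above, the named clients and password-only logins, with queries like the following. This is an added example, not taken from the article or from Snowflake's advisory; it assumes the client name is reported in the APPLICATION key of CLIENT_ENVIRONMENT, and the 90-day lookback is an arbitrary choice.

```sql
-- Added example. Client names are the two quoted in the article.
-- Assumption: the client name appears in CLIENT_ENVIRONMENT:APPLICATION.
-- DBeaver is also a legitimate database client, so review each hit
-- against the user's normal tooling and source IP before acting on it.

-- 1) Sessions opened by the named clients, with source IP and auth factors.
SELECT s.created_on,
       s.user_name,
       PARSE_JSON(s.client_environment):APPLICATION::string AS client_app,
       l.client_ip,
       l.first_authentication_factor,
       l.second_authentication_factor
FROM snowflake.account_usage.sessions s
LEFT JOIN snowflake.account_usage.login_history l
       ON l.event_id = s.login_event_id
WHERE PARSE_JSON(s.client_environment):APPLICATION::string
          IN ('rapeflake', 'DBeaver_DBeaverUltimate')
  AND s.created_on >= DATEADD(day, -90, CURRENT_TIMESTAMP())
ORDER BY s.created_on;

-- 2) Users who logged in successfully with a password and no second factor.
--    These are the accounts a stolen credential alone can open.
SELECT user_name,
       COUNT(*)                  AS password_only_logins,
       COUNT(DISTINCT client_ip) AS distinct_source_ips,
       MAX(event_timestamp)      AS last_seen
FROM snowflake.account_usage.login_history
WHERE is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
  AND event_timestamp >= DATEADD(day, -90, CURRENT_TIMESTAMP())
GROUP BY user_name
ORDER BY distinct_source_ips DESC, password_only_logins DESC;
```

Users returned by the second query are the candidates for MFA enrollment, and their source IPs are a starting point for a trusted-network allow list.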

The attackers, identified as a teen crime group, continue to exploit weak authentication methods, highlighting the critical need for robust security measures like MFA.
