Los Angeles, California – Following a series of customer data thefts, Snowflake is facing escalating security issues. The cloud data company has come under scrutiny after Ticketmaster and loan comparison site LendingTree confirmed incidents where data was stolen from Snowflake’s systems.
LendingTree spokesperson Megan Greuling stated that the company utilizes Snowflake for business operations, with its subsidiary, QuoteWizard, potentially impacted by the data breach. Despite clarifying that consumer financial account information and information from the parent entity, LendingTree, were not affected, the spokesperson mentioned an ongoing internal investigation.
Snowflake has emphasized that the data breaches were not a result of its own systems being compromised but rather a lack of multi-factor authentication (MFA) by its customers. The company admitted that a former employee’s account was easily breached due to weak security measures. Snowflake’s chief information security officer maintained the stance that the incidents were targeted towards users with single-factor authentication.
As more details emerged, it was discovered that Snowflake customer credentials were stolen by password-stealing malware, exposing a significant risk to those who have not updated their passwords or enabled MFA. Despite repeated inquiries from TechCrunch, Snowflake remained guarded in its responses, declining to provide specific details about the extent of the breaches.
In regard to the affected customers, Snowflake has notified only a limited number, leaving uncertainty about the full scope of the situation. Questions remain about the timeliness of Snowflake’s response and the effectiveness of its security measures. Experts have raised concerns about Snowflake’s proactive steps towards enhancing security for its customers, especially in light of the ongoing breaches.
The company’s decision to implement MFA as a default security measure has drawn attention, with Snowflake’s CEO and CISO indicating a shift towards strengthening security controls. However, the lack of clarity surrounding the former employee’s demo account and its relevance to the breaches continues to raise questions about Snowflake’s overall security protocols.
Overall, the evolving situation highlights the importance of robust security measures in safeguarding customer data and the need for companies like Snowflake to take proactive steps to prevent future breaches. As investigations continue, the focus remains on ensuring the security and integrity of data within Snowflake’s systems.