Today, Snowflake, a digital storage provider recently surrounded by controversy due to the Ticketmaster breach, issued a joint statement with industry giants CrowdStrike and Mandiant. This statement addresses their preliminary findings in the ongoing investigation into a targeted threat campaign against some Snowflake customer accounts. Mandiant and CrowdStrike, both reputable players in Digital Forensics and Incident Response (DFIR), have a track

So apparently the hackers targeted Snowflake customers, Ticketmaster Santander etc, who FOR SOME REASON, DIDN’T HAVE 2FA TURNED ON ON THEIR SNOWFLAKE ACCOUNT?! HUH!!?

  • powerofm@lemmy.caEnglish
    4·
    26 days ago

    we have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;

    we did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems.

    They’re claiming that no breach occured on any production systems. If they were really just demo accounts, then skipping the MFA is understandable.