The Snowflake Hack
Alternate Title: At This Point, Just Assume All of Your Info is Public
Summary
Snowflake provides cloud data services for a number of big US companies. Snowflake uses a variety of different contractors to maintain their infrastructure. Infostealer malware was able to infect Snowflake infrastructure via contractor systems. As of today, approximately 165 companies have been compromised by this hack, leaking billions of customer data records.
Breakdown
List of companies affected by the Snowflake hack ranked by number of customer data records leaked:
Ticketmaster: 560 million records compromised, including customer names, email addresses, and transaction details.
Advance Auto Parts: Data of 380 million customers, including credit card data, employee information, and loyalty card numbers, with 2.3 million specific customer data pieces reported stolen.
AT&T: Nearly all wireless customers impacted, with call and text records compromised for approximately 110 million customers.
Neiman Marcus: 64,472 records, including personal information, customer transaction data, and gift card numbers.
Santander Bank: Customer data from Chile, Spain, and Uruguay, along with data on current and former employees, were compromised.
Pure Storage: Telemetry information including company names, LDAP usernames, and email addresses for more than 11,000 customers.
Anheuser-Busch, Mitsubishi, Allstate, Progressive, State Farm, and Los Angeles Unified School District: These organizations experienced breaches impacting varying amounts of data.
Infostealer malware is designed to steal login credentials, credit card numbers, personal identification details, and other confidential data. It typically works by capturing data entered by users, extracting information stored on the device, or intercepting data as it is transmitted over the internet. Popular examples of Infostealer malware are Vidar, Redline, and Raccoon.
Quotes
"Companies could have at least required multi-factor authentication to be used on their Snowflake instances."
"It seems like every other week we end up having the new largest data breach in human history."
"None of this is going to change if you, the end customer, don't vote with your dollar."
Recommendations for Businesses
Stay vigilant against scam calls, texts, and identity theft.
Use multi-factor authentication wherever possible to secure accounts.
Avoid mixing personal and work activities on the same system.
Regularly update passwords, especially if they have been compromised before.
Use legitimate sources for software to reduce malware risk.