In the past weeks we've witnessed some of the biggest data breaches of the year, and more are expected to unfold in the coming weeks. Ticketmaster was affected by a breach in which 1.3 TB of customer data, representing half a billion customers, was exposed, and Santander reported a data breach impacting 30 million customers. ShinyHunters, the hacker collective responsible for the breaches, is putting the data dumps from Ticketmaster and Santander up for sale at USD 500K and USD 2 million, respectively.
Exactly what happened is still a matter of speculation at the time of writing. HudsonRock claimed that Snowflake's servers were breached, which Snowflake denies in an official statement, claiming instead that the hackers gained unauthorised access to individual customer accounts using stolen credentials.
"Research indicates that these types of attacks were performed using our customers' user credentials that were exposed through unrelated cyber threat activity."
We agree that it is far more likely that, as Snowflake claims, hackers got access to Snowflake environments using compromised end users' credentials and extracted enormous amounts of data. This is, in fact, the most common way for data breaches to occur. According to the 2024 Verizon breach report, credentials of web applications are the primary vector of attack, meaning that most data breaches take place through a hacker getting access to a web application through stolen credentials, social engineering, or credential stuffing.
This type of data breach will continue to happen. Hackers operate like any other kind of business, striving for optimal ROI. With cloud data providers like Snowflake becoming household names and storing enormous amounts of sensitive data, we can expect more and more hackers to invest in developing attack patterns against these providers.
What do you have to do? In our opinion, it will be a combination of measures. At the perimeter, Snowflake rightly recommends to:
These measures are aimed at preventing a data breach, but data teams will also have to add further lines of defence for when a breach actually occurs.
Setting up these lines of defence while continuing to support the business in its demand for data and insights will be very challenging without help.
Reach out to info@raito.io to learn how we can help!
Bart