
Still More Snowflake Data Breach Ripples

The breach of cloud provider Snowflake continues to cause ripples on multiple fronts.  The US government has now accused a pair of culprits of being responsible for the incident, particularly for using that attack to steal 50 billion customer call and text records from AT&T (that is, nearly all of them).  This amounted to around 110 million customers who required notification from the company, giving us the full scope of the breach for the first time.  Included in the data sets were Social Security numbers, driver’s license and passport numbers, and banking information.  Sensitive data has rarely been compromised to this degree.

After all, Snowflake has a number of high-profile clients, such as MasterCard, LendingTree and ExxonMobil.  Last time we visited this story, it was to observe the theft of 3 TB of data from an automotive company whose Snowflake account was left vulnerable by the lack of multi-factor authentication.

According to the current indictment, the two perpetrators were able to extort around $2.5 million in bitcoin from three breached entities during the course of the year.  AT&T is known to have paid $370,000 in ransom to a hacker previously, though it’s not clear if these events are one and the same. 

Another major name in the initial Snowflake breach was Ticketmaster.  A major player in the concert ticketing sphere, they control around 70% of major US concert venues.  At the time of the incident, an admin of the dark web market BreachForums posted a stolen customer dataset of 1.3 TB from 560 million customers.  Well, it seems that incident is also ongoing, as hackers continue to steal people’s tickets.  I’m guessing concertgoers haven’t been so screwed over since Fyre Festival 2017 (gosh, has it really been that long?).  Only after checking their emails did a number of customers discover their accounts were compromised and their tickets transferred away.  Some have been able to recover their tickets, but not everyone.

Gizmodo assumes that Ticketmaster was hashing their passwords, and unless evidence to the contrary emerges, it seems logical that they wouldn’t have been stored in plaintext, though that doesn’t explain how the accounts are being accessed.  Encryption must be the default state for businesses and government agencies handling any amount of sensitive personal data.  We see what can happen in real life to those impacted by a breach: circumstances that have prompted UK agencies to remind organizations of the human toll, along with any financial damages.  NetLib Security’s Encryptionizer solution provides just such a strong layer of transparent encryption for stored data.  With no additional programming required, and minimal performance impact, it remains a vital tool for organizations that don’t want to become the next Snowflake.

 

By: Jonathan Weicher, post on November 25, 2024
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security