cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Several Snowflake cloud computing customers hit by hackers

US cloud-computing and AI data cloud firm Snowflake has revealed that a number of its clients have suffered from cyber attacks.

user icon Daniel Croft
Fri, 07 Jun 2024
Several Snowflake cloud computingcustomers hit by hackers
expand image

In a joint statement with CrowdStrike and Mandiant, Snowflake revealed that the attacks appear to be part of a targeted campaign.

“We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform,” said Snowflake.

“We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel, this appears to be a targeted campaign directed at users with single-factor authentication as part of this campaign, threat actors have leveraged credentials previously purchased or obtained through info-stealing malware, and we did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee.


“It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems. The access was possible because the demo account was not behind Okta or multifactor authentication (MFA), unlike Snowflake’s corporate and production systems.”

At least four major companies that are customers of Snowflake have been targeted in cyber attacks, including international automotive aftermarket retailer Advance Auto parts, which has 4,777 stores and 320 WorldPac branches throughout the US, the Virgin Islands, Mexico, Canada, Puerto Rico and several Caribbean islands.

The threat actor, who goes by Sp1d3r. claimed to have a massive amount of data, including the personal data of 380 million customers, including name, email, mobile, phone, address and more, 140 million customer orders, transaction tender details, sales history, auto parts and numbers, details of employment candidates, including social security numbers and driver’s licenses, and 44 million loyalty card numbers and customer details.

It is unclear if the same threat actor targeted the other victims.

While media reports suggest that Snowflake originally blamed the incident on its victims who did not have multifactor authentication involved, it has since deleted those statements.

It now says it has been advising its customers on how to stay safe.

“We have been communicating with our customers about how to best protect themselves, including enabling multifactor authentication and network access policies,” Snowflake chief information security officer Brad Jones told Cybersecurity Dive.

“Snowflake is also suspending certain user accounts where there are strong indicators of malicious activity. We have also been incrementally blocking IP addresses that we have identified and have a high confidence level that are associated with the cyber threat.”

Snowflake’s Data Cloud Summit, which started on Monday (3 June) in San Francisco, provided no additional answers for customers, with the company providing no updates on the matter.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.