{"id":3078,"date":"2024-07-02T05:34:45","date_gmt":"2024-07-02T12:34:45","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=3078"},"modified":"2024-07-16T05:34:24","modified_gmt":"2024-07-16T12:34:24","slug":"massive-snowflake-breach-highlights-importance-of-enforcing-mfa","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/massive-snowflake-breach-highlights-importance-of-enforcing-mfa\/","title":{"rendered":"Massive Snowflake breach highlights importance of enforcing&nbsp;MFA"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/SSL_Blog_Massive-Snowflake.png\" alt=\"\" class=\"wp-image-2327\"\/><\/figure>\n\n\n\n<p>Recently, the cybersecurity world was shaken by a data breach involving Snowflake, a cloud-based third-party server utilized by many companies to store huge datasets. Around <a href=\"https:\/\/www.theverge.com\/2024\/6\/11\/24176080\/snowflake-cloud-storage-data-breach-ticketmaster-santander\">165 businesses<\/a>, including Ticketmaster and Santander Bank, are believed to have been impacted.&nbsp;<br><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Here\u2019s the lowdown on what happened and why <a href=\"https:\/\/www.ssls.com\/blog\/what-is-multi-factor-authentication-mfa\/\">MFA<\/a> is an essential component of securing online accounts.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The breach<\/h2>\n\n\n\n<p>The Snowflake data breach first came to light on May 27 <a href=\"https:\/\/www.wired.com\/story\/snowflake-breach-ticketmaster-santander-ticketek-hacked\/\">with a post<\/a> on the cybercrime forum Exploit. 
Asking for $500,000, the hacker advertised 1.3TB of Ticketmaster data, which included over 560 million people\u2019s names, addresses, credit card numbers, ticket sales, and more.&nbsp;<br><\/p>\n\n\n\n<p>Banking firm Santander <a href=\"https:\/\/www.bbc.com\/news\/articles\/c6ppv06e3n8o\">then revealed<\/a> their customers\u2019 data had also been advertised in a hacking forum by a group called ShinyHunters. They claimed the data included 30 million people\u2019s bank account details, 6 million account numbers and balances, 28 million credit card numbers, and staff HR information.<br><\/p>\n\n\n\n<p>Following the revelations, <a href=\"https:\/\/community.snowflake.com\/s\/question\/0D5VI00000Emyl00AB\/detecting-and-preventing-unauthorized-user-access\">Snowflake<\/a> confirmed that data had been compromised and that it was aware of \u201cpotentially unauthorized access to certain customer accounts,\u201d but said it wasn\u2019t due to an issue with their platform: \u201cWe have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake\u2019s platform.\u201d<br><\/p>\n\n\n\n<p>So, what was the issue?<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Single-factor authentication accounts<\/h2>\n\n\n\n<p>When the data breach became known, Snowflake enlisted the help of cybersecurity firms Mandiant and CrowdStrike to find out the cause. <a href=\"https:\/\/techcrunch.com\/2024\/06\/05\/snowflake-customer-passwords-found-online-infostealing-malware\/\">They discovered<\/a> no evidence suggesting Snowflake\u2019s enterprise environment was breached, but found that the campaign targeted users with single-factor authentication and that the hackers used credentials \u201cpreviously purchased or obtained through infostealing malware.\u201d<br><\/p>\n\n\n\n<p>The Snowflake platform allows customers to oversee their security environments, and didn\u2019t require its customers to set up multi-factor authentication (MFA). 
As a result, it seems hackers were able to glean huge amounts of data from Snowflake customers who didn\u2019t think of adding MFA to their security measures.&nbsp;<br><\/p>\n\n\n\n<p>Mandiant revealed that it had <a href=\"https:\/\/www.theverge.com\/2024\/6\/11\/24176080\/snowflake-cloud-storage-data-breach-ticketmaster-santander\">traced the data breach<\/a> to a \u201cfinancially motivated threat actor\u201d it identified as UNC5537. It says the campaign has resulted in \u201cnumerous successful compromises\u201d because of poor security practices such as lack of MFA and not updating stolen login credentials. Mandiant expects the number of impacted accounts to grow and that UNC5537 will probably attack more platforms in the near future.<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The importance of MFA<\/h2>\n\n\n\n<p>While it\u2019s true that Snowflake\u2019s platform wasn\u2019t compromised, many security experts have criticized the company for not enforcing MFA, which would have prevented such a large breach. Kris Lahiri, co-founder and chief security officer at Egnyte, told Information Week:&nbsp;<br><\/p>\n\n\n\n<p>\u201cEven sophisticated breaches are all coming down to user authentication compromise. This should be a wakeup call to all organizations to revisit basic security hygiene like ensuring MFA setup (the primary reason for this Snowflake compromise) and reviewing every company\u2019s supply chain of critical data vendors.\u201d<br><\/p>\n\n\n\n<p>It\u2019s also important to be aware of potential credential leaks so you always know who has access to your accounts. To do this you can use a service like <a href=\"https:\/\/cloud.google.com\/blog\/products\/identity-security\/stolen-credentials-make-you-question-who-really-has-access\/\">Mandiant Digital Threat Monitoring<\/a> or <a href=\"https:\/\/haveibeenpwned.com\/\">Have I Been Pwned<\/a>. 
And remember to always practice good password hygiene.&nbsp;<br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, the cybersecurity world was shaken by a data breach involving Snowflake, a cloud-based third-party server utilized by many companies to store huge datasets. Around 165 businesses, including Ticketmaster and Santander Bank, are believed to have been impacted.&nbsp;<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3078","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=3078"}],"version-history":[{"count":2,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3078\/revisions"}],"predecessor-version":[{"id":3090,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/3078\/revisions\/3090"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=3078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=3078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=3078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}