Getty Images/iStockphoto

Risk & Repeat: Sorting out Snowflake's security mess

This podcast episode discusses the recent attacks against Snowflake customers and a controversial report that claimed the cloud storage and analytics giant had been breached.

Cloud storage and data analytics giant Snowflake has come under fire in the wake of a report that claimed the company had suffered a "massive breach."

Last Thursday, cloud security vendor Mitiga said a threat actor tracked as UNC5537 was committing identity attacks against Snowflake's database customers by using stolen credentials to access accounts that lacked two-factor authentication. Shortly after, Snowflake said it also observed attacks against customers, but that it did not believe the activity was caused by a vulnerability, misconfiguration or abuse of the company's products.

On Friday, however, threat intelligence firm Hudson Rock published a report that claimed otherwise. The alleged threat actor behind the attacks told Hudson Rock via Telegram that they breached Snowflake's platform through an employee's ServiceNow account, obtaining session tokens that gave them access to customer databases.

Snowflake denied these claims on Saturday in a post to X, formerly known as Twitter, calling Hudson Rock's report "inaccurate" and noting that the report had been taken down. At around the same time, Snowflake published a joint statement with Mandiant and CrowdStrike declaring that they had found no evidence of a breach against Snowflake's platform and that the attacks were not a result of compromised credentials of current or former Snowflake personnel.

However, Snowflake did disclose that a threat actor "obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee," though the company said the demo accounts did not contain sensitive data or provide access to corporate or production systems.

As for Hudson Rock, the firm on Monday published a statement on LinkedIn saying that it removed its research "in accordance to a letter we received from Snowflake's legal counsel."

On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss Snowflake's current security situation and what it says about the state of infosec today.

Subscribe to Risk & Repeat on Apple Podcasts.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.

Next Steps

Mandiant: 'Exposed credentials' led to Snowflake attacks

Dig Deeper on Data security and privacy

Enterprise Desktop
Cloud Computing