Data Breach Insights
Snowflake Account Takeover Data Breach
- One of the largest data breaches ever
- No MFA and hundreds of customer passwords shared online
- Biometric authentication would have likely prevented it
What Happened
According to a June 6, 2024 Wired article, a hack against customers of the cloud storage company Snowflake looks like it may turn into one of the biggest-ever data breaches. Last week, Snowflake, which allows companies to store huge datasets on its servers, revealed that criminal hackers had been attempting to access its customers’ accounts using stolen login details. Data breaches targeting Ticketmaster and Santander have been linked to the attacks.
In the days since Snowflake first said a “limited number” of customer accounts had been accessed, however, cybercriminals have publicly claimed to be selling stolen data from two other major firms and alleged the information was taken from Snowflake accounts. At the same time, TechCrunch reported that hundreds of Snowflake customer passwords have been found online and are accessible to cybercriminals.
Amid the claims, there remains uncertainty about the scope and scale of the attempted attack against Snowflake customers, who the attackers may be, and how an attack tool callously named “rapeflake” operates. It also highlights the growth in the use of infostealer malware in recent years and underscores the need for third-party software providers and companies to turn on multi-factor authentication to reduce the chances of accounts being compromised.
How It Happened
Snowflake chief information security officer Brad Jones said that this was a “targeted campaign directed at users with single-factor authentication” that used credentials stolen by info-stealing malware or obtained from previous data breaches.
The lack of MFA appears to be how cybercriminals downloaded huge amounts of data from Snowflake customers’ environments, which weren’t protected by the additional security layer.
authID Impact
If all Snowflake customer accounts had enrolled the account owner’s facial biometrics in authID’s robust biometric authentication solution for login access, attackers would have been required to authenticate using their face to access the different Snowflake customer accounts. authID’s authentication would be unaffected by smishing attacks, SIM swap attacks, or device malware attacks, which can compromise traditional MFA solutions. This is because authID’s biometric authentication is not tied to any device or phone number but is directly bound to the Snowflake account. If an attacker attempted to use a digital facial image of a Snowflake account owner by presenting it to a camera or injecting it through software, hardware, or network methods, it would be identified as a presentation or injection attack, resulting in blocked access.
According to IBM Cost of a Data Breach Report - 2023
The average data breach in the US last year cost businesses $4.4M. Biometric verification would have helped stop it.