Information leakage at Snowflake

Snowflake is a US company focused on cloud-based data storage and analytics that serves some 9,500 organizations worldwide. It has suffered a cyberattack in which, according to the actor claiming responsibility, data belonging to 400 of its customers was stolen.

The company has denied that the attack was caused by a vulnerability in its products or by compromised employee accounts. Instead, it attributes the intrusions to customer user accounts that were protected only by a password, with no multi-factor authentication configured. The attackers are believed to have obtained those credentials from infostealer malware logs or from earlier credential-theft campaigns, which means that any password-only account on an internet-reachable service such as Snowflake could be logged into directly without triggering a vulnerability in the platform itself.

With support from CrowdStrike and Mandiant, Snowflake is continuing its investigation into the compromised accounts, although, as its official statement says, it rules out a platform vulnerability or the compromise of Snowflake employee accounts as the cause. In addition, the company has contacted the affected customers and has published a series of recommendations for detecting possible unauthorized access to their accounts.
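The two checks that follow are an added example, written for this page and not Snowflake's own published recommendations: first, which users in an account can still log in with just a password, and second, which successful logins in the recent past used a password with no second factor, so they can be triaged by source IP and client. The queries use the documented SNOWFLAKE.ACCOUNT_USAGE views and column names; the 30-day window and the "more than three distinct IPs per day" threshold are arbitrary choices made here, and the queries assume a role (such as ACCOUNTADMIN) that can read the SNOWFLAKE database.

```sql
-- Added example; assumes a role with access to SNOWFLAKE.ACCOUNT_USAGE.
-- These views lag live data by up to a couple of hours, so for the most
-- recent logins also check the INFORMATION_SCHEMA.LOGIN_HISTORY function.

-- 1. Active users who hold a password and have no Duo MFA enrolled.
--    Every row here is an account the infostealer-sourced credential
--    scenario described above would work against as-is.
SELECT name,
       login_name,
       created_on,
       last_success_login
FROM   snowflake.account_usage.users
WHERE  deleted_on    IS NULL
  AND  disabled      = FALSE
  AND  has_password  = TRUE
  AND  ext_authn_duo = FALSE
ORDER  BY last_success_login DESC NULLS LAST;

-- 2. Successful single-factor password logins in the last 30 days
--    (30 days is an arbitrary window chosen for this example), with the
--    source IP and reported client so each row can be checked against
--    the user's known locations and tooling.
SELECT event_timestamp,
       user_name,
       client_ip,
       reported_client_type,
       first_authentication_factor,
       second_authentication_factor
FROM   snowflake.account_usage.login_history
WHERE  event_timestamp >= DATEADD('day', -30, CURRENT_TIMESTAMP())
  AND  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
ORDER  BY event_timestamp DESC;

-- 3. Same population, aggregated: users whose password logins came from
--    more than three distinct IPs on a single day (threshold is an
--    arbitrary example value). A burst of new addresses on a password-only
--    account is a cheap first signal when no network policy restricts
--    where logins may come from.
SELECT user_name,
       DATE_TRUNC('day', event_timestamp)        AS login_day,
       COUNT(DISTINCT client_ip)                 AS distinct_ips,
       ARRAY_AGG(DISTINCT client_ip)             AS ips,
       ARRAY_AGG(DISTINCT reported_client_type)  AS clients
FROM   snowflake.account_usage.login_history
WHERE  event_timestamp >= DATEADD('day', -30, CURRENT_TIMESTAMP())
  AND  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
GROUP  BY user_name, DATE_TRUNC('day', event_timestamp)
HAVING COUNT(DISTINCT client_ip) > 3
ORDER  BY distinct_ips DESC, login_day DESC;
```

Query 1 is the inventory to fix (enrol MFA, rotate the password, or disable the user); queries 2 and 3 are the hunt. Note that a failed password login (is_success = 'NO') for a user who normally succeeds is also worth reviewing, since stolen credentials are often tried before they are rotated, but that is a separate query with the same view and filter structure.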

By contrast, the security company Hudson Rock initially claimed, in a blog post published on May 31, that a Snowflake employee's machine had been infected with the Lumma infostealer in October and that the attackers had used this to gain access to Snowflake's internal infrastructure, from which they modified the victims' access tokens. The claim rested on screenshots purportedly shared by the threat actor.

Hudson Rock had removed the post by June 1, and Snowflake's statement disputes that any employee account was compromised.