Ticketmaster hacked con what’s believed to be a spree hitting Snowflake customers

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”

Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware by purchasing them acceso online crime forums.

Ticketmaster parent Nation—which disclosed Friday that hackers gained access to it stored through an unnamed third-party provider—told TechCrunch the provider was Snowflake. The live-event scontrino broker said it identified the hack acceso May 20, and a week later, a “criminal threat actor offered what it alleged to be Company user for criterio rotta the dark web.”

Ticketmaster is one of six Snowflake customers to be con the hacking campaign, said independent security researcher Kevin Beaumont, citing conversations with people inside the affected companies. Australia’s Signal Directorate said Saturday it knew of “successful compromises of several companies utilizing Snowflake environments.” Researchers with security firm Hudson Rock said con a now-deleted post that Santander, Spain’s biggest bank, was also hacked con the campaign. The researchers cited online text conversations with the threat actor. Last month, Santander disclosed a breach affecting customers con Chile, Spain, and Uruguay.

“The tl;dr of the Snowflake thing is mass scraping has been , but nobody noticed, and they’sovrano pointing at customers for having poor credentials,” Beaumont wrote acceso Mastodon. “It appears a lot of has gone walkies from a bunch of orgs.”

Word of the hacks came weeks after a hacking group calling itself ShinyHunters took credit for breaching Santander and Ticketmaster and posted purportedly belonging to both as evidence. The group took to a Breach riunione to seek $2 million for the Santander , which it said included 30 million customer records, 6 million account numbers, and 28 million credit card numbers. It sought $500,000 for the Ticketmaster , which the group claimed included full names, addresses, phone numbers, and partial credit card numbers for 560 million customers.

Beaumont didn’t name the group behind the attacks against Snowflake customers but described it as “a teen crimeware group who’ve been active publicly acceso Telegram for a while and regularly relies acceso infostealer malware to obtain sensitive credentials.

The group has been responsible for hacks acceso dozens of organizations, with a small number of them including:

According to Snowflake, the threat actor used already compromised account credentials con the campaign against its customers. Those accounts weren’t protected by multifactor authentication (MFA).

Snowflake also said that the threat actor used compromised credentials to a former employee account that wasn’t protected by MFA. That account, the company said, was created for demonstration purposes.

“It did not contain sensitive ,” Snowflake’s notification stated. “Demo accounts are not connected to Snowflake’s production corporate systems.”

The company urges all customers to ensure all their accounts are protected with MFA. The statement added that customers should also check their accounts for signs of compromise using these indicators.

“Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted,” the company said con the post.

Snowflake and the two security firms it has retained to investigate the incident—Mandiant and Crowdstrike—said they have yet to find any evidence the breaches are a result of a “vulnerability, misconfiguration, breach of Snowflake’s platform.” But Beaumont said the cloud provider shares some of the responsibility for the breaches because setting up MFA acceso Snowflake is too cumbersome. He cited the breach of the former employee’s demo account as support.

“They need to, at an engineering and secure by level, go back and review how authentication works—as it’s pretty transparent that given the number of victims and scale of the breach that the status quo hasn’t worked,” Beaumont wrote. “Secure authentication should not be non di serie. And they’ve got to be completely transparent about steps they are taking non attivato the back of this incident to strengthen things.”