Snowflake Confirms Data Breaches Linked to Stolen Credentials, Affecting Major Clients

Cloud data platform Snowflake has confirmed it is investigating a series of major data breaches among its customers, attributing the attacks to a “targeted threat campaign” using stolen login credentials. The company, in a joint statement with cybersecurity firms CrowdStrike and Mandiant, clarified that the incidents were not caused by a vulnerability in its own core platform but by attackers leveraging credentials pilfered from customer systems.

The widespread campaign has reportedly affected a significant number of Snowflake customers, with high-profile victims like Ticketmaster and Santander Bank already confirming related data compromises. According to the investigation, the threat actor utilized credentials obtained through various infostealer malware variants, targeting user accounts that were not protected by multi-factor authentication (MFA).

Snowflake stated it has identified and notified approximately 165 customers who were potentially exposed. The company is now actively working with those affected to secure their accounts and is strongly urging all of its clients to immediately implement MFA and review their security protocols. The incident underscores a critical weakness in the cloud supply chain: even when the central platform is secure, the security of the entire ecosystem depends on the practices of each individual customer.

The breach serves as a stark reminder of the persistent threat posed by credential theft and the essential role of robust identity and access management. As organizations increasingly migrate sensitive data to cloud environments, this event highlights the shared responsibility between vendors and customers in safeguarding the digital frontier.
