Sridhar Ramaswamy, CEO of Snowflake and former co-founder and CEO of startup Neeva, speaks at the Collision conference in Toronto on June 21, 2022.
Eoin Noonan | Sports Archives | Collision | Getty Images
snowflake The company has spent the past seven weeks dealing with the aftermath of a major cyberattack that compromised the sensitive customer data of several of its customers. The software company’s problems got worse.
telecom giant AT&T say in one Supervision filing On Friday, hackers broke into a cloud platform that stores customer data and obtained users’ call and text message records for six months in 2022. .
An AT&T spokesperson told CNBC that the cloud service is owned by Snowflake. Snowflake shares fell 1.8% on Friday, while the Nasdaq rose 0.6%.
This is the worst incident since Snowflake disclosed The breach, which occurred on May 30, wrote in a blog post at the time, “We became aware on May 23, 2024 that certain customer accounts may have been subject to unauthorized access.” Snowflake gained cybersecurity Software vendor assistance mass strike and alphabetical Order an investigation.
Mandiant wrote in an article blog post Last month, the company and Snowflake notified 165 “potentially exposed organizations” of the incident through the Victim Notification Program. Mandiant blamed the hack on a financially motivated group called UNC5537, which has members across North America and Turkey. UNC5537 exploits login credentials provided online after being individually stolen using malware.
Before Friday, the most prominent companies linked to the Snowflake breach were Advanced auto partsLendingTree, Ticketmaster operators live country and Santanderwhich says mid maySnowflake’s disclosure follows “We recently became aware of unauthorized access to a Santander database hosted by a third-party provider.”
AT&T is bigger. The company had 242 million As of the end of last year, its wireless mobile service customers in the United States had reached 128 million units.
The carrier said the leaked data covers “nearly all AT&T wireless customers and MVNO customers” who use its wireless network.
“While the data does not include customer names, there are often ways to find names associated with specific phone numbers using publicly available online tools,” AT&T wrote. Attackers cannot access the content of calls or text messages.
A Snowflake spokesperson had no comment when asked about the AT&T hack. The spokesperson cited the company’s previous statement about the attack.
Mandiant said in its blog post that some malware infections in non-Snowflake-owned systems date back to 2020, and that in some cases, credentials were still valid years after they were stolen. In some cases, the credentials were obtained on computers used by contractors for Snowflake customers, and the devices were also used for personal activities, including downloading pirated software.
Mandiant said the username and password were enough to allow UNC5537 to enter the customer’s Snowflake environment because they did not have multi-factor authentication turned on. From there, the hackers exported “a large amount of customer data.” Mandiant added that UNC5537 has since begun extorting victims and attempting to sell customer data online.
AT&T said Friday it did not expect the attack to have a significant impact on its finances.
But snowflakes have warn investors The company could face reputational damage and “significant liability” if it “experiences an actual or perceived security breach or otherwise gains access to our customer data, our materials or our platform by unauthorized parties.”
Earlier this week, Snowflake released blog post Says administrators can force multi-factor authentication.
The deepening saga is an increasing challenge for former Google executive Sridhar Ramaswamy. replaced Frank Slootman serves as CEO of Snowflake. Days before the hack was disclosed, Snowflake shares fell 5% after management lowered the company’s full-year adjusted operating income forecast.
Founded in 2012, Snowflake went public in 2020, raising more than $3 billion in funding, the largest initial public offering ever for a software company. Since a big first day popular Snowflake has a market value of more than $70 billion, but its stock price has declined. Its shares closed at $134.73 on Friday, valuing it at about $45 billion.
