Snowflake: No breach, just compromised credentials, say researchers

Snowflake, a popular online spot where companies keep their data, has been in the hot seat recently. Some people using Snowflake got a big scare when it looked like the place might have been broken into by hackers. But the good news is, after a team of digital detective experts from a group called Mandiant checked things out, they said there was no break-in at Snowflake’s own digital home. Instead, it turns out some users had their Snowflake keys (which are really just usernames and passwords) stolen, and that’s how the bad guys got in.

What’s interesting here is that Mandiant didn’t just point out the problem, they also let Snowflake know which companies might be in danger. So far, they’ve told 165 organizations to be on the lookout for any funny business in their accounts. Mandiant is super smart about cyber stuff, and now they work under Google — which you might know as the website you go to when you need to find answers for your homework.

Now, because of the stolen keys, Snowflake is thinking of tightening its security. They’re considering making all users use something called multifactor authentication. That’s an extra step for getting into your account so it’s not just about knowing the secret password; you might also need a code from your phone or another proof that you’re really you.

Mandiant found out a few reasons why some of these Snowflake accounts got snuck into. First, they didn’t have this extra step turned on. Second, some folks were using old keys that should have been changed a long time ago. And third, they weren’t picky about where people could get in from (they didn’t use something called ‘network allow lists’).

But don’t think this is just a Snowflake issue. It could happen to anyone using these giant digital storage places. Avishai Avivi from a company called SafeBreach mentioned how tricky this can be, especially when someone sneaks off with one of those cookies (and not the kind you eat) that keeps you signed in.

The first time someone spotted this issue was in mid-April, and by May, Mandiant was on the case and sharing what they were learning.

One expert from another group, Gartner, pointed out something people often forget: sometimes they like things easy, even if it’s not the safest option. Snowflake gave people the tools for better security, but not everyone used them. The expert suggested that maybe it’s better to start everyone off with strong security, and let people who know their stuff choose to make it simpler if they need to.

At the end of the day, Snowflake is just the place where all this info is stored. It’s up to the companies putting their data there to know how important it is to keep that data safe.

Now, if this whole thing about online security has got you thinking about how safe your own digital jewels are, you’re not alone. This is where Diversified Outlook Group comes into play. We understand this world of digital security like the back of our hand, and we’re all about helping you keep your online treasure chest under lock and key. If you’re starting to wonder how to protect your data or just want to chat about what secure cloud storage should look like for you, drop us a line at support@diversifiedoutlookgroup.com. We’re here to help you navigate these waters and keep your digital ship sailing smoothly.

For further details on the incident with Snowflake and what the experts are saying, check out this URL: www.csoonline.com/article/2140487/snowflake-no-breach-just-compromised-credentials-say-researchers.html.

About the Author(s)

Contact Information

For inquiries or requests that require a more personal response, we will make every attempt to respond in a timely manner.

Address:

11990 Market Street, Reston, Virginia 20190, United States

Email:

support@diversifiedoutlookgroup.com

Get In Touch