Scroll Top

Snowflake Cloud Security Breach Customer List Adds AT&T to MOAB – Update July 16, 2024

Snowflake MOAB Explosion Large Image 8March2024

The Data of nearly all customers of the telecommunications giant AT&T was downloaded from a third-party platform Snowflake.
July 16 2024 – Update

The data of nearly all customers of the telecommunications giant AT&T was downloaded from a third-party platform in a security breach, the company said Friday, as cyberattacks against businessesschools and health systems continue to spread globally.

The breach, which took place in April of this year but mostly involved data from 2022, hit AT&T’s cellular customers and customers of mobile virtual network operators using AT&T’s wireless network, as well as landline customers who interacted with those cellular numbers.

Approximately 109 million customer accounts were impacted, according to AT&T, which said that it currently doesn’t believe that the data is publicly available.

“The data does not contain the content of calls or texts, personal information such as Social Security numbers, dates of birth, or other personally identifiable information,” AT&T said Friday.

The compromised data also doesn’t include some information typically seen in usage details, such as the time stamp of calls or texts, the company said, or customer names. AT&T, however, said that there are often ways of using publicly available online tools to find the name associated with a specific telephone number.

Cybersecurity experts concurred, saying that such data can be used to trace users.

“While the information that was exposed doesn’t directly have sensitive information, it can be used to piece together events and who may be calling who. This could impact people’s private lives as private calls and connections could be exposed,” Thomas Richards, principal consultant at Synopsys Software Integrity Group, said in an emailed statement. “The business phone numbers will be easy to identify and private numbers can be matched to names with public record searches.”

An internal investigation determined that compromised data includes AT&T records of calls and texts between May 1, 2022 and Oct. 31, 2022.

AT&T identified the third-party platform as Snowflake and said that the incident was limited to an AT&T workspace on that cloud company’s platform and did not impact its network.

Cybersecurity experts say the sheer volume of data held by companies on cloud platforms can create its own perils.

“The AT&T data breach underscores the growing risks associated with the vast amounts of data companies now store on cloud and SaaS platforms,” said Roei Sherman, Field Chief Technology Officer at Mitiga, a threat detection and investigation company that focuses on cloud technology. “As organizations increasingly rely on these technologies, the complexity of detecting and investigating breaches has risen sharply.”

AT&T’s investigation is ongoing and it has engaged with cybersecurity experts to understand the nature and scope of the criminal breach. At least one person has been apprehended so far, according to the company so far.  (Source: AP News)

Ticketmaster Data Breach Potentially Succeeded due to Compromised Employee Credentials of Data Cloud Provider Snowflake

The Snowflake breach is raising concerns about the security of cloud storage providers. 560 million Ticketmaster customer accounts stolen from Snowflake Cloud.  The Data has been found on the dark web for sale at the price of $500,000 by the hacker group Shiny Hunters as a proxy for Threat Group.

Evidently a Snowflake employee who had a demo account to show customers Snowflakes data cloud service had their credentials stolen since they were not secured by Multifactor Authentication per company policy.  This allowed hackers to bypass security to access information that is stored on Snowflakes cloud.

The extent of this breach may be larger since other Snowflake customers like AT&T, HP, Instacart, and Mastercard use Snowflakes Cloud.

Ticketmaster is under severe scrutiny with customers and regulators demanding answers about their business practices.

Santander Bank Breach Exposes Personal Information of Customers Data on Snowflake Cloud

According to Santander data belonging to customers had been accessed through a third-party provider but no transactional data or credentials were affected that could lead to transactions being compromised.

Data leaked included HR details for staff, 30 million customers’ bank account details, and 28m credit card numbers.  Customer data was exposed in Chile, Spain, and Uruguay.  HR data was more widespread and affects current and former Santander employees.

Santander has activated the protocols necessary to block access to the data and has implemented fraud protection to protect those affected.

Advanced Auto Part Breach Confirmed Breach Data Stolen from Snowflake Cloud Provider Attack

The Snowflake Cloud Data Provider data breach is quickly becoming a domino affect as Advance Auto Part acknowledges the theft of 3 terabytes of data stolen. Advance Auto has about 4500 stores supplying customers with auto parts for their personal vehicles.

A Dataset containing 380 million customer profiles, 140 million customer orders, and employment candidate information with Social Security Numbers, license numbers and other demographics was all part of the data was stolen.

The Dataset is for sale for $1.5 million on the dark web by the hacking group Sp1dr3.

According to CrowdStrike and Mandiant (Google) this seems to have been a credential stuffing attack and not due to some exploitable vulnerability.

The Snowflake breach could intern result in the largest MOAB breach (Mother of All Breaches) ever.

Other potential organizations that could be next are companies like Adobe, AT&T, Kraft Heinz, Mastercard, Micron, Capital One, Doordash, HP, Nielsen, Novartis, Okta, PepsiCo, Siemens, and many others.

What can be done to protect your information:

  • Use strong passwords and never use them across multiple accounts
  • Implement 2-factor authentication
  • Regularly monitor your accounts for any strange activity and report it
  • Remain vigilant and on the lookout for Phishing e-mails, Smishing text messages, and Quishing QR code attacks.
  • Remember if it sounds too good to be true it isn’t

Ben Franklin once said, “A ounce of prevention is worth a pound of cure”.

#Breach, #SecurityBreach, #Cloud, #Riskassessment, #Vulnerabilityassessment, #PenetrationTest, #Compliance, #Hack

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.