Sridhar Ramaswamy, CEO of Snowflake and formerly co-founder and CEO of startup Neeva, speaks at the Collision conference in Toronto on June 21, 2022.
Eóin Noonan | Sport | Collision | beautiful images
Snowflakes has spent the past seven weeks dealing with the fallout from a major cyberattack that compromised sensitive customer data at some of its clients. The software company’s problems just got a whole lot worse.
Telecom giant AT&T say in one submit application as prescribed on Friday that hackers exploited a cloud platform that stores customer data, gaining access to subscribers’ call and text message records over a six-month period in 2022. The data included phone numbers, total call duration and some details about cell signal locations, AT&T said in the filing.
An AT&T spokesperson told CNBC that the cloud service is owned by Snowflake. Snowflake shares fell 1.8% on Friday, while the Nasdaq rose 0.6%.
This is the most serious incident since Snowflake. disclosure breach on May 30, writing in a blog post at the time, “We became aware of potential unauthorized access to some customer accounts on May 23, 2024.” Snowflake enlisted the help of cybersecurity software vendor Mob attack And Alphabet Mandiant to investigate.
Mandiant wrote in a blog post Last month, the company and Snowflake alerted 165 “potentially impacted organizations” to the incident through their “Victim Notification Program.” Mandiant blamed the attack on a financially motivated group it calls UNC5537, with members based in North America and Turkey. UNC5537 used credentials that were available online after they were stolen privately with malware.
Before Friday, the most notable companies involved in the Snowflake breach were Advanced Auto PartsLendingTree, operator of Ticketmaster Country of living And Santander Banksaid in Mid-MayBefore Snowflake disclosed, “We recently discovered unauthorized access to a Santander database hosted by a third-party vendor.”
AT&T is much larger. The company has 242 million wireless mobile service customers in the United States at the end of last year, with 128 million connected devices.
The carrier said the data breach involved “nearly all AT&T wireless customers and customers of mobile virtual network operators” who use its wireless network.
“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a particular phone number,” AT&T wrote. The attackers were not able to access the contents of calls or messages.
A Snowflake spokesperson did not comment when asked about the AT&T attack. The spokesperson pointed to the company’s previous statements about the attack.
Mandiant said in its blog post that some of the malware infections in Snowflake’s systems dated back to 2020, and in some cases, the credentials were still valid years after they were stolen. In some cases, the credentials were taken from PCs used by contractors for Snowflake customers — devices that were also used for personal activities, including downloading pirated software.
Mandiant said the username and password were enough for UNC5537 to gain access to the customer’s Snowflake environment because they had not enabled multi-factor authentication. From there, the hacker exfiltrated “large amounts of customer data.” Mandiant added that UNC5537 began extorting the victim and attempting to sell the customer data online.
AT&T said Friday that it does not believe the attack will have a significant impact on the company’s financial situation.
But Snowflake has warning investors that the company could face reputational harm and “significant liability” if it “experiences an actual or perceived security breach or unauthorized parties gain access to customer data, our data or our platform.”
Earlier this week, Snowflake published a blog post says that administrators can enforce the use of mandatory multi-factor authentication.
This deepening story is a growing challenge for Sridhar Ramaswamy, the former Google executive who in February Replaced Frank Slootman is CEO of Snowflake. Days before the hack, Snowflake shares fell 5% after management cut the company’s full-year adjusted operating income forecast.
Snowflake, founded in 2012, went public in 2020, raising more than $3 billion in the largest initial public offering ever for a software company. Since a large company first day pop that raised the company’s market capitalization to more than $70 billion, Snowflake has since fallen in value, with shares closing at $134.73 on Friday at a valuation of about $45 billion.
