Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    The Asus Chromebook CX14 Is a $429 Laptop That Isn’t Horrible

    July 31, 2025

    Aaron Sorkin’s Social Network sequel might recast Mark Zuckerberg

    July 31, 2025

    How WIRED Analyzed the Epstein Video

    July 31, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever
    Security

    The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

    News RoomBy News RoomJune 8, 20243 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    A LendingTree spokesperson confirmed in a statement to WIRED that the company uses Snowflake “for our business operations” and that the company was notified that its QuoteWizard subsidiary “may have had data impacted by this incident.” LendingTree’s spokesperson says an internal investigation is ongoing. “As of this time, it does not appear that consumer financial account information was impacted, nor information of the parent entity, LendingTree,” the spokesperson says.

    Since Snowflake acknowledged that accounts had been targeted, it has provided some more information about the incident. Brad Jones, Snowflake’s chief information security officer, said in a blog post that threat actors used login details to accounts that had been “purchased or obtained through infostealing malware,” which is designed to pull usernames and passwords from devices that have been compromised. The incident appears to be a “targeted campaign directed at users with single-factor authentication,” Jones added.

    Jones’ post said Snowflake, alongside cybersecurity companies CrowdStrike and Mandiant, which it employed to investigate the incident, did not find evidence showing the attack was “caused by compromised credentials of current or former Snowflake personnel.” However, it has found one former employee’s demo accounts were accessed, claiming they did not contain sensitive data.

    When asked about potential breaches of specific companies’ data, a Snowflake spokesperson pointed to Jones’ statement: “We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.” In a follow-up statement, the company clarified what it meant by “breach”: “Any of our customer’s accounts that were accessed as the result of leaked credentials are not caused by … Snowflake,” a spokesperson said. (Security company Hudson Rock said it removed a research post including various unverified claims about the Snowflake incident after receiving a legal letter from Snowflake).

    The US Cybersecurity and Infrastructure Security Agency has issued an alert about the Snowflake incident, while Australia’s Cyber Security Center said it is “aware of successful compromises of several companies utilizing Snowflake environments.”

    Unclear Origins

    Little is known about the Sp1d3r account advertising data on BreachForums, and it is not clear whether ShinyHunters obtained the data it was selling from another source or directly from victims’ Snowflake accounts—information about a Ticketmaster and Santander breach was originally posted on another cybercrime forum by a new user called SpidermanData.

    The Sp1d3r account posted on BreachForums that the 2 terabytes of alleged LendingTree and QuoteWizard data was for sale for $2 million; while 3 TB of data allegedly from Advance Auto Parts would cost someone $1.5 million. “The price set by the threat actor appears extremely high for a typical listing posted to BreachForums,” says Chris Morgan, a senior cyber-threat intelligence analyst at security firm ReliaQuest.

    Morgan says the legitimacy of Sp1d3r is not clear; however, he points out there is a nod to teenage hacking group Scattered Spider. “Interestingly, the threat actor’s profile picture is taken from an article referencing the threat group Scattered Spider, although it is unclear whether this is to make an intentional association with the threat group.”

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleMSI Claw after more updates: nope, it’s still a dud
    Next Article Neuralink’s First User Is ‘Constantly Multitasking’ With His Brain Implant

    Related Posts

    How WIRED Analyzed the Epstein Video

    July 31, 2025

    Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

    July 29, 2025

    DHS Faces New Pressure Over DNA Taken From Immigrant Children

    July 25, 2025

    At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

    July 24, 2025

    China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

    July 23, 2025

    How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

    July 21, 2025
    Our Picks

    Aaron Sorkin’s Social Network sequel might recast Mark Zuckerberg

    July 31, 2025

    How WIRED Analyzed the Epstein Video

    July 31, 2025

    Join Us for WIRED’s AI Power Summit

    July 31, 2025

    What Your Nighttime Breathing Says About Your Health

    July 31, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Gear

    Google’s Newest AI Model Acts like a Satellite to Track Climate Change

    By News RoomJuly 31, 2025

    Google’s newest AI model is going to scour the Earth and, ideally, help it out.…

    Steam and Itch.io Are Pulling ‘Porn’ Games. Critics Say It’s a Slippery Slope to More Censorship

    July 31, 2025

    Epic’s Game Store is bringing Fortnite back to Google Play

    July 31, 2025

    Tesla’s ‘robotaxi’ rides in San Francisco have a human at the wheel

    July 31, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.