Snowflake has spent the last seven weeks coping with the aftermath of a serious cyberattack that compromised sensitive customer data belonging to several of its clients. The software company's problems just got a complete lot worse.
Telecommunications giant AT&T said in a regulatory filing Friday that hackers gained access to a cloud platform that stores customer data, getting access to subscribers' call and text message recordings during a six-month period in 2022. The data includes phone numbers, total call duration and a few cell location information, AT&T said within the filing.
An AT&T spokesperson told CNBC that the cloud service is owned by Snowflake. Snowflake shares fell 1.8 percent on Friday, while the Nasdaq rose 0.6 percent.
This is probably the most serious incident since Snowflake disclosed the breach on May 30, writing in a blog post on the time: “We became aware of potentially unauthorized access to certain customer accounts on May 23, 2024.” Snowflake enlisted the assistance of a cybersecurity software provider CrowdStrike And Alphabet Mandate for investigation.
Mandiant wrote in a blog entry last month that the corporate and Snowflake had notified 165 “potentially vulnerable organizations” of the incident through their Victim Notification Program. Mandiant blamed the hack on a financially motivated group called UNC5537, whose members live in North America and Turkey. UNC5537 used credentials that were available online after they were individually stolen using malware.
Before Friday, probably the most outstanding corporations linked to the Snowflake data leak were Advance Auto PartsLendingTree, Ticketmaster operator Live Nation and Santander Bank, which in middle of Maybefore Snowflake's disclosure: “We recently became aware of unauthorized access to a Santander database hosted by a third party.”
AT&T is far greater. The company had 242 million At the top of last yr, the corporate had 128 million customers and 128 million connected devices for its U.S. wireless mobility services.
The carrier said the information leak affected “nearly all AT&T wireless customers and mobile virtual network operator customers” who use its cellular network.
“Although the data does not contain customer names, there are often ways to find the name associated with a specific phone number using publicly available online tools,” AT&T wrote. Attackers didn’t gain access to the content of calls or text messages.
A Snowflake spokesperson declined to comment when asked in regards to the AT&T hack. The spokesperson referred to the corporate's previous statements in regards to the attack.
Mandiant said in its blog post that a number of the malware infections in Snowflake's systems date back to 2020, and in some cases the credentials were still valid years after they were stolen. In certain cases, the credentials were stolen on PCs utilized by contractors for Snowflake customers – devices that were also used for private activities, including downloading pirated software.
The usernames and passwords were enough for UNC5537 to interrupt into customers' Snowflake environments because they didn’t have multi-factor authentication enabled, Mandiant said. From there, the hackers exported “a significant amount of customer data.” UNC5537 has since begun extorting victims and attempting to sell customer data online, Mandiant added.
AT&T said on Friday that the attack wouldn’t have a major impact on the corporate's funds.
But Snowflake has warned investors that the corporate could face reputational damage and “significant liability risks” if “an actual or perceived breach of security occurs or unauthorized third parties otherwise gain access to our customers' data, our data or our platform”.
Earlier this week, Snowflake released a blog entry Administrators can implement the mandatory use of multi-factor authentication.
The deepening saga presents a growing challenge for Sridhar Ramaswamy, a former Google executive who replaced Frank Slootman as Snowflake's CEO in February. Days before the hack was revealed, Snowflake shares fell 5% after management cut its forecast for the corporate's full-year adjusted operating profit.
Snowflake was founded in 2012 and went public in 2020, making it the most important IPO ever by a software company. Since the large first-day surge that pushed the market cap above $70 billion, Snowflake's value has fallen. On Friday, the stock closed at $134.73, giving it a valuation of around $45 billion.
image credit : www.cnbc.com