After Ticketmaster linked its data breach to Snowflake, LendingTree confirmed its subsidiary, QuoteWizard, had data stolen from Snowflake.
“We use Snowflake for our operations and were notified that QuoteWizard data may have been impacted,” said LendingTree spokesperson Megan Greuling to TechCrunch. “We launched an internal investigation and found no consumer financial account information or LendingTree data affected.”
Greuling declined to comment further due to the ongoing investigation.
What Snowflake isn’t saying about its customer data breaches https://t.co/kGNKltP44M
— TechCrunch (@TechCrunch) June 8, 2024
Snowflake has made limited statements, emphasizing that its own systems were not breached and attributing the incidents to customers not using multi-factor authentication (MFA), which Snowflake does not enforce. A former employee’s “demo” account, protected only by a username and password, was compromised.
In a statement, Snowflake reiterated its position, citing a targeted campaign against users with single-factor authentication using credentials stolen by malware or from previous breaches.
The absence of MFA allowed cybercriminals to download substantial amounts of data from Snowflake customers’ environments.
TechCrunch found online hundreds of Snowflake customer credentials stolen by malware, indicating an ongoing risk for customers who haven’t changed passwords or enabled MFA.
TechCrunch has asked Snowflake numerous questions about the incident, but Snowflake has often declined to respond.
Key questions include:
- How many Snowflake customers are affected, or if Snowflake knows yet.
- The timeframe of when Snowflake became aware of the intrusions and why there was a delay in detecting and alerting customers about data exfiltration.
- The role of the former employee’s demo account in the breaches, and what data it contained.
Snowflake’s statement about the demo account being accessed by threat actors suggests it did not contain sensitive data, but Snowflake has not defined what it considers sensitive data.
TechCrunch has also questioned why Snowflake hasn’t reset customer passwords or enforced MFA, as is common practice after breaches. Snowflake advises customers to reset credentials and enforce MFA, emphasizing customer responsibility under its shared responsibility model.
Despite Snowflake’s plans to require advanced security controls, such as MFA, no timeframe has been given for these measures.