CISA sent an alert yesterday regarding recent statements from data cloud company Snowflake. This comes following the data breaches of Santander and Ticketmaster, both Snowflake customers, potentially affecting over 590 million accounts. Snowflake stated it recently observed and is investigating an increase in cyber threat activity targeting some of its customers’ accounts. “We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data.” They have issued a recommendation for users to query for unusual activity and conduct further analysis to prevent unauthorized user access.
Users and administrators are encouraged to hunt for any malicious activity, report positive findings to CISA, and review Snowflake’s notice for additional information. To access the full alert, visit CISA.