TechRadar
Sead Fadilpašić

Hundreds of Snowflake customers may have been hit by breach that stole "significant" data


The number of organizations that have had their sensitive data stolen following the recent Snowflake breach is likely in the hundreds, new research has claimed.

A report from Mandiant, which is currently investigating the breach, says Mandiant and Snowflake have notified 165 organizations, but as the attack is ongoing, the total number of victims will probably rise further.

Mandiant attributed the attack to UNC5537. Since this is a brand-new moniker, the group is either an entirely new threat actor or one whose actual identity has not yet been confirmed.

Financially motivated attack

The researchers said the group was financially motivated, meaning this was not the work of a nation-state. Most of its members apparently reside in North America, with at least one additional member in Turkey.

"Mandiant's investigation has not found any evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake's enterprise environment," Mandiant said in its findings. "Instead, every incident Mandiant responded to associated with this campaign was traced back to compromised customer credentials."

Mandiant added that it believes the group is trying to extort money from its victims in exchange for keeping the data safe.

Snowflake is a major cloud storage firm with almost 10,000 corporate customers. News of a security incident at the company first started emerging in late May 2024, when Ticketmaster reported losing sensitive information on more than 500 million people.

Snowflake denied the breach originated from its infrastructure, and instead claimed the incident was the result of a successful credential stuffing attack. In a credential stuffing attack, the threat actor “stuffs” the platform with countless login combinations obtained elsewhere (usually bought off the black market) until it finds one that works.

Ticketmaster is not the only company that came forward with news of a breach and data theft. Advance Auto Parts also confirmed suffering an attack, with news reports claiming that hundreds of millions of customers, as well as hundreds of thousands of employees, were compromised. LendingTree, an online lending marketplace, also fell prey to the attack.
