According to Jones, threat actors obtained and used the personal information of a former employee’s demo account, in particular because the account, unlike Snowflake’s business and production systems, was not behind Okta or Multi-Factor Authentication (MFA).
“The incident at Snowflake is due to the same issue we see across the market, companies are not including the security of their SaaS applications in their security design,” said Brian Soby, chief technology officer and founder of AppOmni. “In this case, the attacker simply bought the stolen credentials and used them to log directly into Snowflake’s ServiceNow instance, as it was poorly configured to allow Single Sign On (SSO) to be optional instead of mandatory.”
The threat group, ShinyHunters, which recently claimed responsibility for the Santander and Ticketmaster breaches, is said to have stolen data from cloud storage company Snowflake after hacking into an employee’s account.