Cloud computing-based data company Snowflake has come under scrutiny recently due to multiple attacks targeting its customers. The victims reportedly include major players such as Advance Auto Parts, Ticketmaster, and Santander Bank.
Investigation points to a lack of enforced multi-factor authentication (MFA) as the cause. The issue is part of a larger trend, with over 20 major breaches reported in 2024 alone, according to TechRadar Pro, and it highlights the urgent need for stronger cybersecurity measures across the industry.
Hacker group ShinyHunters claims responsibility
Hacker organization ShinyHunters has taken responsibility for these attacks, stating that they used Snowflake user accounts to orchestrate the breaches. The incidents exposed the data of half a billion customers. Snowflake has since clarified that its own systems were not compromised and that it was not responsible for the breaches. However, the company acknowledged that the attackers used credentials belonging to a former employee.
How did these attacks occur? Breaches can happen through many different avenues. Here the culprit, it seems, was a simple one: the lack of MFA enforcement.
As pointed out by a recent TechCrunch report, Snowflake documentation shows that “at this time, users are not automatically enrolled in MFA.”
“To use MFA, users must enroll themselves,” the documentation states.
The Cybersecurity Advisory highlights best practices and mitigations for MSPs and customers, one of the key points being “enforcing multi-factor authentication (MFA) on MSP accounts that access the customer environment and monitoring MSP account activity.” Against such advice, Snowflake previously left the option to add multi-factor authentication entirely up to individual users, according to the company’s FAQ page.
MFA is generally considered the gold standard for cybersecurity, strongly recommended by experts to protect users from threats. Not enabling it can leave a gaping hole in defenses, one that attackers can easily squeeze through and exploit.
“Most users, when given the option of convenience over security, will choose their own convenience,” said Dawn Sizer, CEO of 3rd Element Consulting. “The only way to change this thinking is to make security the norm, not the exception. It’s something that should have been done long ago as an industry standard, but was probably inconvenient.”
This sentiment highlights the need for systemic change in how security measures are implemented and enforced.
Snowflake’s response and future plans
Snowflake CEO Sridhar Ramaswamy recently told Runtime that, after several major breaches linked to Snowflake accounts secured only by passwords, there is no doubt that the company needs to take action.
“It’s clear that we have to do something about this,” Ramaswamy was quoted as saying on the last day of the Snowflake Data Cloud Summit last week. Snowflake has been urging customers all week to turn on MFA security features for their accounts, “but I think making this programmatic is the next logical step we do need to take,” he added.
Due to the data theft incidents, Snowflake is planning to make MFA the default setting for users of its cloud data platform.
MFA move highlights need for proactive security
The recent breaches have underscored the critical importance of robust security measures such as MFA. While Snowflake’s move to make MFA the default setting is a positive step, it is also a significant reminder to companies and users alike of the importance of proactive security practices.
Making security a default rather than an option can help prevent such vulnerabilities in the future.