Ransomware Lawyers: Hudson Rock Deletes Partner's Hacking Report

Tomcat

A story about two companies fighting for the truth.

Hudson Rock has removed its online report on the hacking of Snowflake's cloud storage and analytics systems, citing legal pressure from the latter. The report claimed that attackers gained access to Snowflake's systems and stole data from hundreds of customers, including Ticketmaster and Santander Bank customer information.

Hudson Rock said that criminals gained access to the credentials of a Snowflake employee using malware, which allowed them to download a huge amount of data from the cloud accounts of Snowflake customers. However, Snowflake claims that there was no such hack.

Although it is known that the data of Ticketmaster and Santander was indeed stolen, the exact details about the method and source of the leak are not yet known. A Ticketmaster representative said that the stolen data was stored in Snowflake.

Snowflake says that if customer data was stolen, it could have been due to the compromise of customer credentials themselves through phishing, leaks or malware, and not due to the hacking of their own security systems. The company believes that a limited number of customers may have actually been affected by the use of stolen credentials, especially if they did not have two-factor authentication enabled.

The company categorically denies that its systems were hacked and insisted that Hudson Rock delete its report, which claimed otherwise. On June 3, Hudson Rock said it was removing all content related to its report, in accordance with a legal letter received from Snowflake. The company declined to comment further.

Hudson Rock's Content Removal Statement

On May 31, Hudson Rock published a now-deleted report claiming that attackers used a Snowflake employee's ServiceNow account to access databases of up to 400 Snowflake corporate clients. At the same time, it was stated that the hackers themselves contacted Hudson Rock and provided information about the scale of the hack.

Snowflake confirmed that the employee's credentials were indeed stolen, but they were only used to access demo accounts that do not contain sensitive data. Those accounts were not protected by multi-factor authentication, unlike production and enterprise Snowflake systems.

Meanwhile, Snowflake acknowledged that a limited number of Snowflake customers may have been attacked due to a targeted campaign against users without MFA. Attackers could have used credentials obtained through phishing or malware to gain access to customers' cloud storage.

Snowflake found no evidence that the hack was caused by a compromise of the credentials of current or former employees of Snowflake or a vulnerability in the company's platform. Together with CrowdStrike and Mandiant, Snowflake continues to investigate the incident, strongly recommending that customers enable multi-factor authentication.

Meanwhile, other major clients of Snowflake, such as Live Nation Entertainment, have already reported unauthorized activity in their cloud databases. There were also reports from information security specialists that other Snowflake clients may have been affected by data theft in May.

CrowdStrike and Mandiant declined to comment on the situation, citing an ongoing investigation. Snowflake also declined to name specific customers whose data was compromised.
 