Today, Snowflake, a digital storage provider recently surrounded by controversy due to the Ticketmaster breach, issued a joint statement with industry giants CrowdStrike and Mandiant. This statement addresses their preliminary findings in the ongoing investigation into a targeted threat campaign aga...
So apparently the hackers targeted Snowflake customers, Ticketmaster, Santander, etc., who FOR SOME REASON, DIDN'T HAVE 2FA TURNED ON ON THEIR SNOWFLAKE ACCOUNT?! HUH!!?
In the EU any bank requires customers to use 2FA. Dutch customs requires critical logistics companies to use 2FA (amongst other stuff).
From what I recall, critical companies must address likely methods to breach their security. It is highly likely that a company will get loads of attempts to check. Similarly, a critical company is expected to deal with employees leaving and ensuring their access is revoked.
From skimming they seem to say that there isn't a breach because an account of an ex-employee was used. But that's too easy, the processes sucked. The way they got in is just one of the things that some EU regulation requires critical companies to address. Same for perhaps not forcing customers to use 2FA. That's crazy.
The EU is usually really slow in regulating things. If they got in using a method that the EU said you had to address then it means you had ages of time and nothing was done.
Really irresponsible. Especially as I think they seem to be a pretty critical part of the economy.
we have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel;
we did find evidence that a threat actor obtained personal credentials to and accessed demo accounts belonging to a former Snowflake employee. It did not contain sensitive data. Demo accounts are not connected to Snowflake’s production or corporate systems.
They're claiming that no breach occurred on any production systems. If they were really just demo accounts, then skipping the MFA is understandable.