Sridhar Ramaswamy, CEO of Snowflake and time was co-founder and CEO of startup Neeva, speaks at the Collision conference in Toronto on June 21, 2022.
Eóin Noonan | Sportsfile | Collision | Getty Counterparts
Snowflake has spent the past seven weeks dealing with the fallout of a major cyberattack that compromised subtle customer data at several of its clients. The software company’s problems just got a whole lot worse.
Telecommunications giant AT&T mentioned in a regulatory filing on Friday that hackers tapped into a cloud platform housing customer data, making access to records of subscribers’ calls and text messages during a six-month period in 2022. The data includes phone totals, aggregate call duration and some cell site details, AT&T said in the filing.
An AT&T spokesperson told CNBC that the cloud military talents was owned by Snowflake. Shares of Snowflake fell 1.8% on Friday, while the Nasdaq rose 0.6%.
It is the most severe commotion since Snowflake disclosed the breach on May 30, writing in a blog post at the time, “We became aware of potentially illegal access to certain customer accounts on May 23, 2024.” Snowflake enlisted the help of cybersecurity software vendor CrowdStrike and Alphabet’s Mandiant to examine.
Mandiant wrote in a blog post last month that, through its “Victim Notification Program,” the company and Snowflake induce alerted 165 “potentially exposed organizations” of the incident. Mandiant blamed the hack on a financially motivated group it appeal to c visit cancels UNC5537, with members in North America and Turkey. UNC5537 drew on login credentials that had been readily obtainable online after they had been stolen separately using malware.
Prior to Friday, the most notable houses connected to the Snowflake breach were Advance Auto Parts, LendingTree, Ticketmaster operator Live Nation and Santander Bank, which translated in mid-May, prior to Snowflake’s disclosure, “We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.”
AT&T is much bigger. The convention had 242 million customers for its U.S. wireless mobility services at the end of last year, with 128 million connected thingumajigs.
The carrier said data in the breach involves “nearly all of AT&T’s wireless customers and customers of mobile virtual network smoothies” using its wireless network.
“While the data does not include customer names, there are often ways, using publicly at ones fingertips online tools, to find the name associated with a specific telephone number,” AT&T wrote. Attackers did not get access to the ease of calls or texts.
A Snowflake spokesperson did not provide a comment when asked about the AT&T hack. The spokesperson pointed to the crowd’s prior statements about the attack.
Mandiant said in its blog post that some of the malware infections in Snowflake’s combinations date to 2020, and the credentials were, in some cases, still valid years after being stolen. In unspecified instances, the credentials had been taken on PCs used by contractors for Snowflake customers — devices that were also habituated to for personal activities, including downloading pirated software.
The usernames and passwords were sufficient for UNC5537 to enter patrons’ Snowflake environments because they had not turned on multi-factor authentication, Mandiant said. From there, the hackers exported “a pregnant volume of customer data.” UNC5537 has since started extorting victims and trying to sell customer data online, Mandiant added.
AT&T predicted Friday that it does not believe the attack will have a material effect on its finances.
But Snowflake has warned investors that it influence face reputational harm and “significant liabilities” if the company were to “experience an actual or perceived security breach or unofficial parties otherwise obtain access to our customers’ data, our data, or our platform.”
Earlier this week, Snowflake publicized a blog post saying administrators can enforce the mandatory use of multi-factor authentication.
The deepening saga represents a growing call into doubt for Sridhar Ramaswamy, a former Google executive who in February replaced Frank Slootman as Snowflake’s CEO. Days before the cough disclosure, Snowflake stock declined 5% after management reduced the company’s full-year adjusted operating return forecast.
Snowflake, founded in 2012, went public in 2020, raising more than $3 billion in the beefiest initial public offering ever for a software company. Since a big first-day pop that lifted its market cap past $70 billion, Snowflake has glided in value, with its stock closing at $134.73 on Friday for a valuation of about $45 billion.
