Sridhar Ramaswamy, CEO of Snowflake and formerly co-founder and CEO of startup Neeva, speaks at the Collision conference in Toronto on June 21, 2022.
Eóin Noonan | Sportsfile | Collision | Getty Images

Snowflake has spent the past seven weeks dealing with the fallout of a major cyberattack that compromised sensitive customer data at several of its clients. The software company’s problems just got a whole lot worse.

Telecommunications giant AT&T said in a regulatory filing on Friday that hackers tapped into a cloud platform housing customer data, gaining access to records of subscribers’ calls and text messages during a six-month period in 2022. The data includes phone numbers, aggregate call duration and some cell site details, AT&T said in the filing.

An AT&T spokesperson told CNBC that the cloud service was owned by Snowflake. Shares of Snowflake fell 1.8% on Friday, while the Nasdaq rose 0.6%.

It is the most severe incident since Snowflake disclosed the breach on May 30, writing in a blog post at the time, “We became aware of potentially unauthorized access to certain customer accounts on May 23, 2024.”

Snowflake enlisted the help of cybersecurity software vendor CrowdStrike and Alphabet’s Mandiant to investigate. Mandiant wrote in a blog post last month that, through its “Victim Notification Program,” the company and Snowflake have alerted 165 “potentially exposed organizations” of the incident.

Mandiant blamed the hack on a financially motivated group it calls UNC5537, with members in North America and Turkey. UNC5537 drew on login credentials that had been available online after they had been stolen separately using malware.

Prior to Friday, the most notable companies connected to the Snowflake breach were Advance Auto Parts, LendingTree, Ticketmaster operator Live Nation and Santander Bank, which said in mid-May, prior to Snowflake’s disclosure, “We recently became aware of an unauthorized access to a Santander database hosted by a third-party provider.”
AT&T is much bigger. The company had 242 million customers for its U.S. wireless mobility services at the end of last year, with 128 million connected devices. The carrier said data in the breach involves “nearly all of AT&T’s wireless customers and customers of mobile virtual network operators” using its wireless network.

“While the data does not include customer names, there are often ways, using publicly available online tools, to find the name associated with a specific telephone number,” AT&T wrote. Attackers did not get access to the content of calls or texts.

A Snowflake spokesperson did not provide a comment when asked about the AT&T hack. The spokesperson pointed to the company’s prior statements about the attack.

Mandiant said in its blog post that some of the malware infections in Snowflake’s systems date to 2020, and the credentials were, in some cases, still valid years after being stolen. In certain instances, the credentials had been taken on PCs used by contractors for Snowflake customers — devices that were also used for personal activities, including downloading pirated software.

The usernames and passwords were sufficient for UNC5537 to enter customers’ Snowflake environments because they had not turned on multi-factor authentication, Mandiant said. From there, the hackers exported “a significant volume of customer data.” UNC5537 has since started extorting victims and trying to sell customer data online, Mandiant added.

AT&T said Friday that it does not believe the attack will have a material effect on its finances. But Snowflake has warned investors that it might face reputational harm and “significant liabilities” if the company were to “experience an actual or perceived security breach or unauthorized parties otherwise obtain access to our customers’ data, our data, or our platform.”

Earlier this week, Snowflake published a blog post saying administrators can enforce the mandatory use of multi-factor authentication.

The deepening saga represents a growing challenge for Sridhar Ramaswamy, a former Google executive who in February replaced Frank Slootman as Snowflake’s CEO. Days before the hacking disclosure, Snowflake stock declined 5% after management reduced the company’s full-year adjusted operating income forecast.

Snowflake, founded in 2012, went public in 2020, raising more than $3 billion in the biggest initial public offering ever for a software company. Since a big first-day pop that lifted its market cap past $70 billion, Snowflake has slid in value, with its stock closing at $134.73 on Friday for a valuation of about $45 billion.