Sign up for our daily and weekly newsletters to keep up with the latest scoop! We’ve got all the insider info you need on what’s trending in the world of artificial intelligence.
Your personal information is like gold on the dark web—it’s what fuels a multibillion-dollar fraud industry every year. Just look at recent breaches targeting big names like Santander, TicketMaster, and Snowflake. Even the latest incidents at Advanced Auto Parts and LendingTree’s QuoteWizard show these cyber attackers constantly upping their game, exploiting any weak spot they can find. TechCrunch just confirmed a bunch of Snowflake’s customer passwords floating around the web, thanks to malware that steals info. See, Snowflake didn’t make it a must to use multi-factor authentication (MFA), which is part of why their customers are now facing identity theft.
These cyber crooks are so sure of themselves that they’re brazenly chatting with cybercrime intel folks on Telegram, trading tips and intel. Hudson Rock, a cybercrime intel group, dropped a bombshell in their blog—a post they had to pull later—spilling the beans on how Snowflake got hacked. They even chatted with the hacker responsible for both the Snowflake and the Santander breaches. According to this post, the hacker got into an employee’s account, dodged the OKTA security, and stirred up trouble inside Snowflake’s system, snatching heaps of data unnoticed.
Let’s hit the pause button on single-factor authentication. By default, Snowflake users don’t get the multi-factor deal—it’s a choice, and the platform tells you to sign up for it through their website if you want it. Teams like CrowdStrike and Mandiant noticed a pattern—users who stick with single-factor are like magnets to attacks. Threat actors are out there using stolen passwords to wreak havoc, as shown in a Snowflake users’ forum. Even CISA is waving red flags at all Snowflake users.
To all who wanted to catch VB Transform live, the in-person tickets for 2024 are all gone! But hey, there’s still a chance to get all the good stuff on-demand, post-conference – just sign up!
Here’s the deal on how tight Snowflake’s security is: Crowdstrike, Mandiant, and Snowflake revealed some hacker managed to get an ex-employee’s personal login and peek into some demo accounts. Good news though, those accounts were just for show and disconnected from the main network, so no harm, no foul. The latest updates say there’s no sign that the breaches were due to any chinks in Snowflake’s armor.
Now, imagine the nightmare for millions of people as their identities get tossed around. Santander’s reeling from a breach that saw credit card and personal info for roughly 30 million customers get lifted—yep, it’s one of their biggest security messes to date. Meanwhile, TicketMaster’s in the same boat with a breach affecting a staggering 560 million customers. Yikes! The cherry on top? ShinyHunters, a group of cyber toughs, bragged on a hacking forum (one the FBI thought they’d shut down) about having TicketMaster’s customer info and put a price tag of half a mil on it. And you’ve got more data from other companies, like Advance Auto Parts and QuoteWizard, that were also thrown into the mix presented as part of the Snowflake debacle.
Santander and TicketMaster are tackling this crisis head-on with a heavy dose of honesty. They’ve been upfront about unauthorized peeks into their cloud databases. Take TicketMaster’s mama company, Live Nation—they filed an alert with the Securities and Exchange Commission after catching some shady activity on their database in May, and they’re pulling out all the stops to protect their users and working closely with the authorities and customers to keep everyone in the loop.
When hackers have the audacity to snatch nearly 600 million records full of juicy identity info, it’s high time we get smarter about how we guard and verify identities. Trust is a hacker’s best friend when it comes to breaking in. The “zero trust” approach is like being on DEFCON 1 all the time—assume you’re already hit and your enemy’s sneaking through your network. Most enterprises that got hit by identity breaches say it rattled their business big time. Most of them also agree that if they’d slapped on those zero-trust seatbelts sooner, they’d be in less trouble now. IAM, the guardian of identity security, is now front and center in both the tech world and the White House’s game plan.
VentureBeat has caught wind that tons of IT and security teams are taking a good, hard look at beefing up user authentication across the board. They’re running trials on things like passwordless login, which is getting more attention despite good old passwords still lurking around. As Gartner’s experts pointed out,